Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adobe,Jucheck,happili,apple to name a few. Need Help removing all the

Started by timelord1371 , Sep 16 2012 03:01 AM

  • Please log in to reply

#1
timelord1371
Posted 16 September 2012 - 03:01 AM

timelord1371

    Member

  • Member
  • PipPip
  • 23 posts
First off thank you in advance for any and all help you can provide. I am sure you stay extremely busy. Now to the problem at hand...........

About a week now I have been meticulously going through my computer looking and can't believe I let this happen as I normally try and stay on top. I noticed right away the google redirect named happili. I hardly ever use google anymore and this is why. Here is the list of things that I was able to uncover:

Adobe reader x.....still here
apple update.......still here
jucheck...........haven't seen it today not sure if I got it off for good
happili........gone or hiding
bho.............gone or hiding
seen quite a as few permissions that I can't change under unknown or garble numbers and letters as users hijacking
free window registry repair seems to be one also
babylon
browser manager i am suspecting
blinkx beat

I have just run otl and will now send the logs. My problems seem to be now the hidden things and not the easy to remove(or so one thinks) more recognized named ones. I have gotten to point where i wanna wipe it all and throw it in a lake lol or wipe and run linux from a stick upon boot. List of things I have tried.....

combofix
hitman pro
malwarebytes
free window registry repair
rkill
fileassasin

I have seemed to removed the easy to see stuff but lot still there hiding. Any assistance greatly appreciated.

OTL logfile created on: 9/16/2012 2:47:49 AM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Timelord\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 40.29% Memory free
3.71 Gb Paging File | 1.87 Gb Available in Paging File | 50.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 171.36 Gb Free Space | 78.68% Space Free | Partition Type: NTFS

Computer Name: TARDIS | User Name: Timelord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/16 02:28:25 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
PRC - [2012/09/08 21:24:25 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/11 03:45:40 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/15 09:06:12 | 000,052,608 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\Common Files\DivX Shared\DesktopService\DDMService.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/20 13:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/05/09 20:41:56 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/14 06:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 06:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 06:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () -- C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe
PRC - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/08 21:24:25 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/11 23:43:43 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2011/05/10 16:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/08 21:24:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/20 21:32:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 00:48:49 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 04:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/13 22:01:44 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/01/04 12:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/08 05:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/05/04 10:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/04 10:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://duckduckgo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/28 21:54:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/21 00:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 21:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 23:50:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/12 00:04:44 | 000,000,000 | ---D | M]

[2012/07/13 19:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Extensions
[2012/09/12 05:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions
[2012/09/01 00:34:24 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[1832/11/28 23:51:36 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[2012/09/12 00:50:37 | 000,010,316 | ---- | M] () -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\duckduckgo.xml
[2012/02/11 03:52:01 | 000,002,519 | ---- | M] () -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\Search_Results.xml
[2012/07/13 19:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/08 21:24:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/12 00:04:31 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/31 00:30:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 03:52:01 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 00:30:11 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/14 14:24:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A130A72-9EF6-42C2-BBBC-1A5BF9E45E7A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 02:28:09 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
[2012/09/15 02:32:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/15 02:15:54 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Users\Timelord\Desktop\startuplite-setup-1.07.exe
[2012/09/15 02:13:28 | 000,065,232 | ---- | C] (Malwarebytes) -- C:\Users\Timelord\Desktop\regassassin-setup-1.03.exe
[2012/09/14 14:24:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/14 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/12 01:43:18 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\snake
[2012/09/12 00:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TGF Interactive
[2012/09/12 00:04:48 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/09/12 00:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/09/12 00:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2012/09/12 00:04:46 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/12 00:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/12 00:04:30 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Babylon
[2012/09/12 00:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegpairSetup
[2012/09/11 23:57:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/09/11 23:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/09/11 23:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/11 23:42:11 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\Timelord\Desktop\HitmanPro36_x64.exe
[2012/09/11 17:07:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/11 17:07:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/11 17:07:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/11 17:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/11 17:06:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/11 17:05:22 | 004,759,433 | R--- | C] (Swearware) -- C:\Users\Timelord\Desktop\nothappy.exe
[2012/09/11 17:04:59 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\not happy
[2012/08/25 11:45:44 | 000,000,000 | R--D | C] -- C:\Users\Timelord\Desktop\Heinz 57
[2012/08/21 00:53:27 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Local\DDMSettings
[2012/08/18 12:37:30 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bicycle
[2012/08/18 12:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bicycle


========== Files - Modified Within 30 Days ==========

[2012/09/16 02:30:01 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Data Sending task.job
[2012/09/16 02:28:25 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
[2012/09/15 22:54:54 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 22:54:54 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 22:49:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/15 10:46:05 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/15 10:46:05 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/15 10:46:05 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/15 10:41:47 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012/09/15 10:41:41 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/15 02:15:54 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Users\Timelord\Desktop\startuplite-setup-1.07.exe
[2012/09/15 02:13:32 | 000,065,232 | ---- | M] (Malwarebytes) -- C:\Users\Timelord\Desktop\regassassin-setup-1.03.exe
[2012/09/14 14:24:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/12 20:36:02 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/09/12 03:22:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/09/12 00:04:48 | 000,001,035 | ---- | M] () -- C:\Users\Timelord\Desktop\Free Window Registry Repair.lnk
[2012/09/12 00:04:35 | 000,000,304 | ---- | M] () -- C:\user.js
[2012/09/11 23:43:43 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/09/11 23:42:19 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\Timelord\Desktop\HitmanPro36_x64.exe
[2012/09/11 17:05:32 | 004,759,433 | R--- | M] (Swearware) -- C:\Users\Timelord\Desktop\nothappy.exe
[2012/09/11 15:52:47 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/09/11 15:04:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 12:27:58 | 000,007,667 | ---- | M] () -- C:\Users\Timelord\AppData\Local\Resmon.ResmonCfg
[2012/09/10 11:09:35 | 023,755,885 | ---- | M] (Igor Pavlov) -- C:\Users\Timelord\Desktop\tordate2.exe
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/30 23:13:58 | 000,000,218 | ---- | M] () -- C:\Users\Timelord\.recently-used.xbel
[2012/08/21 00:52:39 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/21 00:52:22 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

========== Files Created - No Company Name ==========

[2012/09/15 10:41:47 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012/09/15 00:46:49 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Acer Registration - Data Sending task.job
[2012/09/12 20:36:02 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/09/12 00:04:48 | 000,001,035 | ---- | C] () -- C:\Users\Timelord\Desktop\Free Window Registry Repair.lnk
[2012/09/12 00:04:35 | 000,000,304 | ---- | C] () -- C:\user.js
[2012/09/11 23:43:43 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/09/11 17:07:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/11 17:07:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/11 17:07:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/11 17:07:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/11 17:07:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/11 15:52:36 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/09/10 12:27:58 | 000,007,667 | ---- | C] () -- C:\Users\Timelord\AppData\Local\Resmon.ResmonCfg
[2012/08/30 23:13:58 | 000,000,218 | ---- | C] () -- C:\Users\Timelord\.recently-used.xbel
[2012/08/21 00:52:22 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/21 00:52:03 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/06/24 02:25:45 | 000,006,035 | ---- | C] () -- C:\Users\Timelord\cassidy.asc
[2011/07/14 11:20:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/14 11:20:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/14 11:20:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/09/15 03:37:19 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\Babylon

[2012/09/12 01:27:35 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\gnupg
[2012/08/30 20:04:45 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\gtk-2.0
[2012/07/13 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\poclbm
[2012/05/05 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\PowerCinema
[2012/04/19 01:04:18 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\TrueCrypt
[2012/06/29 09:40:16 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\WildTangent
[2012/09/16 02:30:01 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Data Sending task.job
[2012/09/12 14:15:52 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/05/31 22:35:36 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\뾠Ä
[2012/05/31 22:35:36 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\뾠Ä

< End of report >



OTL Extras logfile created on: 9/16/2012 2:47:49 AM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Timelord\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 40.29% Memory free
3.71 Gb Paging File | 1.87 Gb Available in Paging File | 50.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 171.36 Gb Free Space | 78.68% Space Free | Partition Type: NTFS

Computer Name: TARDIS | User Name: Timelord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A52AB3A-6999-455A-99AB-A0157F53B5C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{12A5E838-5799-4E56-9719-1368A016BA86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AAE1A31-B60A-4E84-896B-FB98F992BD4E}" = rport=138 | protocol=17 | dir=out | app=system |
"{244F5CAE-5B95-4BB4-8005-7F9F8921B31F}" = rport=139 | protocol=6 | dir=out | app=system |
"{2942A09B-4322-4B62-AFF3-B26F0C26FA5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32547567-0665-4045-8BBC-85EA74968E8E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3CF6F651-BCF3-4741-B669-2762AA80CA5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54509B80-8C26-4E32-810F-E83D11308809}" = lport=445 | protocol=6 | dir=in | app=system |
"{59967599-3EB8-40DC-876D-50535D3FAA0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BB40877-FF3B-4CE9-81C7-12CEFAAEC198}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66511527-BFF6-4A46-B169-7574452B236B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{710324AE-5A65-40F1-912A-6C39AA70851E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73E3F428-1936-4C9E-9D2E-B6F7516A612A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{753AF8B8-FE62-4AD9-80AA-EC8CF0228675}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{785763C4-48D7-4FC1-A5E2-909A38A2D32A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85071794-F117-4238-9240-1AF695F61B25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8C979A0F-73FC-4CA3-A739-67CC74C266C6}" = rport=137 | protocol=17 | dir=out | app=system |
"{8E71E9EB-AB85-45F6-AF88-22BBD4319E55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C60B2AB1-61D0-4819-A1E4-889BB96CBECA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA518683-167B-4F8B-8A78-AF5B96D5336E}" = rport=445 | protocol=6 | dir=out | app=system |
"{CECA6E80-B68F-4968-AF4B-FD1E0E670F2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6D70D55-E96A-4A8C-9B0C-92DFDBAC158E}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEC50325-5F6D-4670-AD2B-3BD5ED72634E}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081AB592-DE10-4C29-85B4-48374A9CBCE2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{0EA89E12-D4E9-4EC2-B539-19249CC16CEF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{13B1AB35-91F1-4E81-B351-F3614157D5FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13C015D3-A3CE-43F9-9DF5-8D0777EE3AA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A3FF2A2-47F5-49E8-9ADE-B43E99142F9E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1D4F538D-FC7B-4F04-8D3B-B3A50667F653}" = protocol=17 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"{21B0551D-344D-4D8E-85C4-DF6C559BF987}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{36B68BD9-CE4D-4EC6-BE90-38962171247A}" = protocol=58 | dir=in | [email protected],-28545 |
"{397908C1-C55F-4FD7-AC11-F2431E97194A}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{3BDB31BF-B1B0-40CA-ADA2-CB40D384A7CD}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{444EE982-511A-4913-B83E-A0415621F288}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{452314EB-634F-4693-B551-F4A9390B7FE0}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{4D4BAD19-299C-4B10-9319-0EFB7D797618}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{4D5550C9-A0D4-4882-8CEC-6F47FDE0DABA}" = protocol=1 | dir=in | [email protected],-28543 |
"{4D5813FE-54EB-40BF-8296-5B926FE396D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{545E8CC4-BC1E-4DDA-B792-15B500F7DBEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64938223-6A5F-4F5F-A5FA-831E75CB7976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{66D5511F-9E36-4359-ABBA-465738A53964}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68122405-2DCE-4EC4-8194-052C43FC6CD3}" = protocol=1 | dir=out | [email protected],-28544 |
"{68CA4928-C56A-4886-98B0-A489FAB50A89}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{70E83044-C2B4-4551-BE61-D326E44CF2EA}" = protocol=6 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"{7A1183C0-9B7E-4410-8AFB-B0CFDA1779AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{800CA7FE-13CE-4BC5-A0B5-7FB08C5EDA9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95C0D198-FDD5-465C-A7E5-9E10E667204F}" = protocol=17 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
"{A0A90567-6955-4B78-A7CE-EF64D47B2207}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8D309C9-3E9D-4A3D-8837-F00394A588C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C149BC3E-18D1-4332-8C54-71002003D1C7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{C1543C11-8088-4292-939F-EEB9A5C8772A}" = protocol=6 | dir=out | app=system |
"{C41CFA0C-3225-404D-B2CB-C457256A6B02}" = protocol=58 | dir=out | [email protected],-28546 |
"{C7001B9D-85A4-42D0-8913-2749FB8980C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9B2AABE-B667-4A2B-9A2E-B3A85750BC4D}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"{D2F0D842-8E82-4554-99D7-9966C897819E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D59D16B9-8BC4-43CF-B8BE-9920AC1381D8}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{DA7C8EE4-2539-4695-AB72-A69F1683D347}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"{DE1E049B-8A26-42DB-926D-9CEF677FEF5B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E4308FC4-DC56-4B71-AA34-5D106899CF33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5CEF7A0-0EF1-4D55-8569-2BCD5FCC974B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F4971A23-2A6C-4E7B-AF3A-300683CA6DAF}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{FA65B0B7-81F3-4717-A013-78B789C9CD63}" = protocol=6 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
"{FE802835-ADF4-476E-B613-8F327873665E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2CD8B984-A30C-4E70-B42D-ADCB45E6D935}E:\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"TCP Query User{97F33BD5-9E6A-4AAA-B3BC-D8D1415C0B7D}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{D167788B-FFBA-4E26-96F1-41D9B4A725E5}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{3D389426-8F2C-4A2A-A2D0-F440E8367F2D}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{40C1999D-F728-41AA-B006-1B743759A4FE}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{F83049C5-9634-402C-921C-648B087ED41B}E:\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AC6FC35-8E40-4380-8E21-E117199738D3}" = Translate Genius
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB398DDB-0E7B-400B-A940-7E61FB91A531}" = Alcor Micro USB Card Reader
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECAD1063-CF2B-45F3-7946-A8B970007A80}" = Intel® SDK for OpenCL* Applications 2012
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"AmUStor" = Alcor Micro USB Card Reader
"BN_DesktopReader" = NOOK for PC
"DivX Setup" = DivX Setup
"Free Window Registry Repair" = Free Window Registry Repair
"GPG4Win" = Gpg4win (2.1.0)
"Identity Card" = Identity Card
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 15.0" = RealPlayer
"Solitaire" = Solitaire (remove only)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.1
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09865b5d-dbbb-42a5-9e21-0911ae3bc1e1" = Chuzzle Deluxe
"WTA-22148bcd-cdcb-432b-b1a3-255a4ca88370" = Governor of Poker 2 Premium Edition
"WTA-32ce7ac7-df20-4f64-a36b-c7f9d307b6d5" = FATE: The Cursed King
"WTA-42a78965-05f4-4c5a-9f07-ab6633e72188" = Final Drive: Nitro
"WTA-45bc88a8-da54-4104-a4a5-a161013856fe" = Torchlight
"WTA-631779f2-102e-4d0d-92f3-10776e1f37e1" = Build-a-lot 4 - Power Source
"WTA-64a3eb7e-8848-4d12-896b-941558503513" = Agatha Christie - Death on the Nile
"WTA-73d33827-15d7-4263-bcc3-a82875e8495c" = Penguins!
"WTA-7d5a13d5-cd66-43bf-84c2-ee29dec72e54" = Chronicles of Albian
"WTA-8128a357-86e6-418a-9f09-d9f999e75bd1" = Cradle of Rome 2
"WTA-8314bf59-b0a6-4503-96ab-230da3049e15" = Polar Golfer
"WTA-8b958470-544f-459c-84f4-6b1b4994beaf" = Polar Bowler
"WTA-945143bb-2a26-4792-9d78-894cf508db30" = Mystery of Mortlake Mansion
"WTA-9eeca8d2-3588-4eaf-abd2-1c5d0ddf0ee1" = Plants vs. Zombies - Game of the Year
"WTA-a221c363-6068-4c86-9299-d4bb17a43b08" = Zuma's Revenge
"WTA-a3ac135f-0aaf-430e-8fd9-2f118e0e337a" = Jewel Match 3
"WTA-ad14a649-1367-4557-a588-ffb28157aa95" = Dora's World Adventure
"WTA-eb356ef9-d705-449c-aae5-53ae670467fd" = Virtual Villagers 5 - New Believers
"WTA-f3e5c38c-a3cb-424d-8ad6-7de969af51a1" = Bejeweled 2 Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2012 6:05:52 PM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/4/2012 6:05:55 PM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 2:11:35 AM | Computer Name = tardis | Source = WinMgmt | ID = 10
Description =

Error - 8/5/2012 3:43:25 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 3:43:28 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 6:21:00 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 6:21:01 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 4:50:11 PM | Computer Name = tardis | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2012 7:10:41 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/6/2012 7:10:43 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 6/17/2012 3:21:44 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 2:21:44 PM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 6/26/2012 11:17:06 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 10:17:06 AM - Error connecting to the internet. 10:17:06 AM - Unable
to contact server..

Error - 6/26/2012 11:17:14 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 10:17:12 AM - Error connecting to the internet. 10:17:12 AM - Unable
to contact server..

Error - 7/6/2012 12:01:11 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 11:01:11 AM - Error connecting to the internet. 11:01:11 AM - Unable
to contact server..

Error - 7/6/2012 12:01:20 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 11:01:16 AM - Error connecting to the internet. 11:01:16 AM - Unable
to contact server..

Error - 7/13/2012 10:27:12 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 9:27:12 AM - Error connecting to the internet. 9:27:12 AM - Unable
to contact server..

Error - 7/13/2012 10:27:18 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 9:27:17 AM - Error connecting to the internet. 9:27:17 AM - Unable
to contact server..

[ System Events ]
Error - 9/14/2012 3:18:35 PM | Computer Name = tardis | Source = DCOM | ID = 10005
Description =

Error - 9/14/2012 3:18:38 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/14/2012 3:21:29 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/14/2012 3:22:55 PM | Computer Name = tardis | Source = Application Popup | ID = 1060
Description = \??\C:\nothappy\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 9/14/2012 3:22:55 PM | Computer Name = tardis | Source = Application Popup | ID = 1060
Description = \??\C:\nothappy\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 9/14/2012 3:23:26 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/14/2012 3:24:02 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 9/14/2012 3:28:58 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 9/14/2012 3:29:03 PM | Computer Name = tardis | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.135.1218.0).

Error - 9/14/2012 4:48:20 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the PlugPlay service.


< End of report >



THANK YOU
  • 0

Advertisements

#2
Gammo
Posted 19 September 2012 - 07:09 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
timelord1371
Posted 19 September 2012 - 06:18 PM

timelord1371

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello and thank you. I will try and explain the best I can on what problems are occuring because this is the first time EVER having problems like this.

I first began noticing I kept getting these update messages and thought they looked sketchy but just assumed they were just what they said Updates! I for some reason never did click ok and now my gut feeling that they were nothing I wanted was true. Not long after I was doing a search using google which I hardly ever use anymore for this very reason. Ran a scan and sure enough "Happili" showed itself. At this point a series of things started going wrong. Here is the very first log from Malwarebytes:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Timelord :: TARDIS [administrator]

9/11/2012 3:06:11 PM
mbam-log-2012-09-11 (15-06-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196102
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Timelord\AppData\Local\Cyberlink\Adobe\ztspdpl.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\Timelord\AppData\Local\Cyberlink\Adobe\ztspdpl.dll",SonyUsbCheckMyDeviceW -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Timelord\AppData\Local\Temp\0.7288880726478606 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Timelord\AppData\Local\Temp\0.8531974126772154 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Timelord\AppData\Local\Temp\0.7653415664654616 (Exploit.Drop.9) -> Quarantined and deleted successfully.
C:\Users\Timelord\AppData\Local\Cyberlink\Adobe\ztspdpl.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

(end)


In a matter of minutes started noticing that a chain reaction might be in full swing. Log #4:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Timelord :: TARDIS [administrator]

9/11/2012 9:53:28 PM
mbam-log-2012-09-11 (21-53-28).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302074
Time elapsed: 27 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Timelord\AppData\Local\LhootSA\bin\2.0.7.0\LhootSACB.exe (Adware.HotBar.Gen) -> Quarantined and deleted successfully.

(end)


I spent 2 days studying my system and realized i am not in control of my system. This showed up out of the blue:
C:\Users\Timelord\Local Settings\Temporary Internet Files\Content.IE5\7SAJTWSB\cleaner_5357[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully

Then again another:
C:\Users\Timelord\AppData\Local\Temp\0.21676200865918194 (Trojan.BHO) -> Quarantined and deleted successfully.


Although it says removed I am 95% convinced its not all gone. Adobe,jucheck,windows updater,apple updater and quite a bit of unknown user type files with all access and I am not able to delete or deny permissions. Here is the OTL logs:


OTL logfile created on: 9/19/2012 6:31:14 PM - Run 5
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Timelord\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 51.76% Memory free
3.71 Gb Paging File | 2.45 Gb Available in Paging File | 66.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 170.90 Gb Free Space | 78.47% Space Free | Partition Type: NTFS

Computer Name: TARDIS | User Name: Timelord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Timelord\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (DirMngr) -- C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://duckduckgo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/28 21:54:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/21 00:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 21:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/17 02:06:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/12 00:04:44 | 000,000,000 | ---D | M]

[2012/07/13 19:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Extensions
[2012/09/12 05:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions
[2012/09/01 00:34:24 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[1832/11/28 23:51:36 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[2012/09/12 00:50:37 | 000,010,316 | ---- | M] () -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\duckduckgo.xml
[2012/02/11 03:52:01 | 000,002,519 | ---- | M] () -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\Search_Results.xml
[2012/07/13 19:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/08 21:24:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/12 00:04:31 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/31 00:30:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 03:52:01 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 00:30:11 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/19 02:53:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A130A72-9EF6-42C2-BBBC-1A5BF9E45E7A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 02:53:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/19 02:44:30 | 000,000,000 | ---D | C] -- C:\nothappy
[2012/09/16 23:28:11 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\GooredFix Backups
[2012/09/16 23:26:08 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Timelord\Desktop\GooredFix.exe
[2012/09/16 23:18:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/16 23:08:41 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\erunt
[2012/09/16 23:04:28 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTM.exe
[2012/09/16 22:59:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/16 06:01:39 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Local\Macromedia
[2012/09/16 02:28:09 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
[2012/09/15 02:32:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/15 02:15:54 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Users\Timelord\Desktop\startuplite-setup-1.07.exe
[2012/09/15 02:13:28 | 000,065,232 | ---- | C] (Malwarebytes) -- C:\Users\Timelord\Desktop\regassassin-setup-1.03.exe
[2012/09/14 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/12 01:43:18 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\snake
[2012/09/12 00:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TGF Interactive
[2012/09/12 00:04:48 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/09/12 00:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/09/12 00:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2012/09/12 00:04:46 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/12 00:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/12 00:04:30 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Babylon
[2012/09/12 00:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegpairSetup
[2012/09/11 23:57:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/09/11 23:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/09/11 23:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/11 23:42:11 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\Timelord\Desktop\HitmanPro36_x64.exe
[2012/09/11 17:07:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/11 17:07:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/11 17:07:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/11 17:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/11 17:06:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/11 17:05:22 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Timelord\Desktop\nothappy.exe
[2012/09/10 11:10:29 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\Tor Browser
[2012/09/10 10:59:32 | 023,755,885 | ---- | C] (Igor Pavlov) -- C:\Users\Timelord\Desktop\tordate2.exe
[2012/08/25 11:45:44 | 000,000,000 | R--D | C] -- C:\Users\Timelord\Desktop\Heinz 57
[2012/08/21 00:53:27 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Local\DDMSettings
[2012/06/23 13:55:19 | 023,748,738 | ---- | C] (Igor Pavlov) -- C:\Users\Timelord\tor-browser-2.2.37-1_en-US.exe

========== Files - Modified Within 30 Days ==========

[2012/09/19 18:30:02 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Data Sending task.job
[2012/09/19 17:35:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/19 13:19:00 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 13:19:00 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 13:15:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/19 13:15:56 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/19 13:15:56 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/19 13:11:41 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012/09/19 13:11:31 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 02:53:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/19 02:43:36 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Timelord\Desktop\nothappy.exe
[2012/09/17 02:06:01 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/16 23:26:15 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Timelord\Desktop\GooredFix.exe
[2012/09/16 23:18:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2012/09/16 23:04:36 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTM.exe
[2012/09/16 02:28:25 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
[2012/09/15 02:15:54 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Users\Timelord\Desktop\startuplite-setup-1.07.exe
[2012/09/15 02:13:32 | 000,065,232 | ---- | M] (Malwarebytes) -- C:\Users\Timelord\Desktop\regassassin-setup-1.03.exe
[2012/09/12 20:36:02 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/09/12 03:22:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/09/12 00:04:48 | 000,001,035 | ---- | M] () -- C:\Users\Timelord\Desktop\Free Window Registry Repair.lnk
[2012/09/12 00:04:35 | 000,000,304 | ---- | M] () -- C:\user.js
[2012/09/11 23:43:43 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/09/11 23:42:19 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\Timelord\Desktop\HitmanPro36_x64.exe
[2012/09/11 15:52:47 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/09/11 15:04:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 12:27:58 | 000,007,667 | ---- | M] () -- C:\Users\Timelord\AppData\Local\Resmon.ResmonCfg
[2012/09/10 11:09:35 | 023,755,885 | ---- | M] (Igor Pavlov) -- C:\Users\Timelord\Desktop\tordate2.exe
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/30 23:13:58 | 000,000,218 | ---- | M] () -- C:\Users\Timelord\.recently-used.xbel
[2012/08/21 00:52:39 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/21 00:52:22 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

========== Files Created - No Company Name ==========

[2012/09/19 13:11:41 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012/09/17 02:06:01 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/15 00:46:49 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Acer Registration - Data Sending task.job
[2012/09/12 20:36:02 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/09/12 00:04:48 | 000,001,035 | ---- | C] () -- C:\Users\Timelord\Desktop\Free Window Registry Repair.lnk
[2012/09/12 00:04:35 | 000,000,304 | ---- | C] () -- C:\user.js
[2012/09/11 23:43:43 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/09/11 17:07:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/11 17:07:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/11 17:07:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/11 17:07:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/11 17:07:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/11 15:52:36 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/09/10 12:27:58 | 000,007,667 | ---- | C] () -- C:\Users\Timelord\AppData\Local\Resmon.ResmonCfg
[2012/08/30 23:13:58 | 000,000,218 | ---- | C] () -- C:\Users\Timelord\.recently-used.xbel
[2012/08/21 00:52:22 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/21 00:52:03 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/06/24 02:25:45 | 000,006,035 | ---- | C] () -- C:\Users\Timelord\cassidy.asc
[2011/07/14 11:20:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/14 11:20:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/14 11:20:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/09/15 03:37:19 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\Babylon
[2012/08/31 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\Bitcoin
[2012/06/04 21:03:48 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\Electrum-P
[2012/09/12 01:27:35 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\gnupg
[2012/08/30 20:04:45 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\gtk-2.0
[2012/07/13 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\poclbm
[2012/05/05 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\PowerCinema
[2012/04/19 01:04:18 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\TrueCrypt
[2012/06/29 09:40:16 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\WildTangent
[2012/09/19 18:30:02 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Data Sending task.job
[2012/09/12 14:15:52 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/05/31 22:35:36 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\뾠Ä
[2012/05/31 22:35:36 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\뾠Ä

< End of report >


OTL Extras logfile created on: 9/16/2012 3:19:41 AM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Timelord\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 34.65% Memory free
3.71 Gb Paging File | 1.79 Gb Available in Paging File | 48.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 171.36 Gb Free Space | 78.68% Space Free | Partition Type: NTFS

Computer Name: TARDIS | User Name: Timelord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2560925396-3286970015-408714028-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A52AB3A-6999-455A-99AB-A0157F53B5C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{12A5E838-5799-4E56-9719-1368A016BA86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AAE1A31-B60A-4E84-896B-FB98F992BD4E}" = rport=138 | protocol=17 | dir=out | app=system |
"{244F5CAE-5B95-4BB4-8005-7F9F8921B31F}" = rport=139 | protocol=6 | dir=out | app=system |
"{2942A09B-4322-4B62-AFF3-B26F0C26FA5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32547567-0665-4045-8BBC-85EA74968E8E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3CF6F651-BCF3-4741-B669-2762AA80CA5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54509B80-8C26-4E32-810F-E83D11308809}" = lport=445 | protocol=6 | dir=in | app=system |
"{59967599-3EB8-40DC-876D-50535D3FAA0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BB40877-FF3B-4CE9-81C7-12CEFAAEC198}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66511527-BFF6-4A46-B169-7574452B236B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{710324AE-5A65-40F1-912A-6C39AA70851E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73E3F428-1936-4C9E-9D2E-B6F7516A612A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{753AF8B8-FE62-4AD9-80AA-EC8CF0228675}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{785763C4-48D7-4FC1-A5E2-909A38A2D32A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85071794-F117-4238-9240-1AF695F61B25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8C979A0F-73FC-4CA3-A739-67CC74C266C6}" = rport=137 | protocol=17 | dir=out | app=system |
"{8E71E9EB-AB85-45F6-AF88-22BBD4319E55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C60B2AB1-61D0-4819-A1E4-889BB96CBECA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA518683-167B-4F8B-8A78-AF5B96D5336E}" = rport=445 | protocol=6 | dir=out | app=system |
"{CECA6E80-B68F-4968-AF4B-FD1E0E670F2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6D70D55-E96A-4A8C-9B0C-92DFDBAC158E}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEC50325-5F6D-4670-AD2B-3BD5ED72634E}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081AB592-DE10-4C29-85B4-48374A9CBCE2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{0EA89E12-D4E9-4EC2-B539-19249CC16CEF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{13B1AB35-91F1-4E81-B351-F3614157D5FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13C015D3-A3CE-43F9-9DF5-8D0777EE3AA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A3FF2A2-47F5-49E8-9ADE-B43E99142F9E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1D4F538D-FC7B-4F04-8D3B-B3A50667F653}" = protocol=17 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"{21B0551D-344D-4D8E-85C4-DF6C559BF987}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{36B68BD9-CE4D-4EC6-BE90-38962171247A}" = protocol=58 | dir=in | [email protected],-28545 |
"{397908C1-C55F-4FD7-AC11-F2431E97194A}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{3BDB31BF-B1B0-40CA-ADA2-CB40D384A7CD}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{444EE982-511A-4913-B83E-A0415621F288}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{452314EB-634F-4693-B551-F4A9390B7FE0}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{4D4BAD19-299C-4B10-9319-0EFB7D797618}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{4D5550C9-A0D4-4882-8CEC-6F47FDE0DABA}" = protocol=1 | dir=in | [email protected],-28543 |
"{4D5813FE-54EB-40BF-8296-5B926FE396D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{545E8CC4-BC1E-4DDA-B792-15B500F7DBEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64938223-6A5F-4F5F-A5FA-831E75CB7976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{66D5511F-9E36-4359-ABBA-465738A53964}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68122405-2DCE-4EC4-8194-052C43FC6CD3}" = protocol=1 | dir=out | [email protected],-28544 |
"{68CA4928-C56A-4886-98B0-A489FAB50A89}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{70E83044-C2B4-4551-BE61-D326E44CF2EA}" = protocol=6 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"{7A1183C0-9B7E-4410-8AFB-B0CFDA1779AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{800CA7FE-13CE-4BC5-A0B5-7FB08C5EDA9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95C0D198-FDD5-465C-A7E5-9E10E667204F}" = protocol=17 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
"{A0A90567-6955-4B78-A7CE-EF64D47B2207}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8D309C9-3E9D-4A3D-8837-F00394A588C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C149BC3E-18D1-4332-8C54-71002003D1C7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{C1543C11-8088-4292-939F-EEB9A5C8772A}" = protocol=6 | dir=out | app=system |
"{C41CFA0C-3225-404D-B2CB-C457256A6B02}" = protocol=58 | dir=out | [email protected],-28546 |
"{C7001B9D-85A4-42D0-8913-2749FB8980C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9B2AABE-B667-4A2B-9A2E-B3A85750BC4D}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"{D2F0D842-8E82-4554-99D7-9966C897819E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D59D16B9-8BC4-43CF-B8BE-9920AC1381D8}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{DA7C8EE4-2539-4695-AB72-A69F1683D347}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"{DE1E049B-8A26-42DB-926D-9CEF677FEF5B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E4308FC4-DC56-4B71-AA34-5D106899CF33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5CEF7A0-0EF1-4D55-8569-2BCD5FCC974B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F4971A23-2A6C-4E7B-AF3A-300683CA6DAF}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{FA65B0B7-81F3-4717-A013-78B789C9CD63}" = protocol=6 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
"{FE802835-ADF4-476E-B613-8F327873665E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2CD8B984-A30C-4E70-B42D-ADCB45E6D935}E:\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"TCP Query User{97F33BD5-9E6A-4AAA-B3BC-D8D1415C0B7D}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{D167788B-FFBA-4E26-96F1-41D9B4A725E5}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{3D389426-8F2C-4A2A-A2D0-F440E8367F2D}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{40C1999D-F728-41AA-B006-1B743759A4FE}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{F83049C5-9634-402C-921C-648B087ED41B}E:\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AC6FC35-8E40-4380-8E21-E117199738D3}" = Translate Genius
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB398DDB-0E7B-400B-A940-7E61FB91A531}" = Alcor Micro USB Card Reader
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECAD1063-CF2B-45F3-7946-A8B970007A80}" = Intel® SDK for OpenCL* Applications 2012
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"AmUStor" = Alcor Micro USB Card Reader
"BN_DesktopReader" = NOOK for PC
"DivX Setup" = DivX Setup
"Free Window Registry Repair" = Free Window Registry Repair
"GPG4Win" = Gpg4win (2.1.0)
"Identity Card" = Identity Card
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 15.0" = RealPlayer
"Solitaire" = Solitaire (remove only)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.1
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09865b5d-dbbb-42a5-9e21-0911ae3bc1e1" = Chuzzle Deluxe
"WTA-22148bcd-cdcb-432b-b1a3-255a4ca88370" = Governor of Poker 2 Premium Edition
"WTA-32ce7ac7-df20-4f64-a36b-c7f9d307b6d5" = FATE: The Cursed King
"WTA-42a78965-05f4-4c5a-9f07-ab6633e72188" = Final Drive: Nitro
"WTA-45bc88a8-da54-4104-a4a5-a161013856fe" = Torchlight
"WTA-631779f2-102e-4d0d-92f3-10776e1f37e1" = Build-a-lot 4 - Power Source
"WTA-64a3eb7e-8848-4d12-896b-941558503513" = Agatha Christie - Death on the Nile
"WTA-73d33827-15d7-4263-bcc3-a82875e8495c" = Penguins!
"WTA-7d5a13d5-cd66-43bf-84c2-ee29dec72e54" = Chronicles of Albian
"WTA-8128a357-86e6-418a-9f09-d9f999e75bd1" = Cradle of Rome 2
"WTA-8314bf59-b0a6-4503-96ab-230da3049e15" = Polar Golfer
"WTA-8b958470-544f-459c-84f4-6b1b4994beaf" = Polar Bowler
"WTA-945143bb-2a26-4792-9d78-894cf508db30" = Mystery of Mortlake Mansion
"WTA-9eeca8d2-3588-4eaf-abd2-1c5d0ddf0ee1" = Plants vs. Zombies - Game of the Year
"WTA-a221c363-6068-4c86-9299-d4bb17a43b08" = Zuma's Revenge
"WTA-a3ac135f-0aaf-430e-8fd9-2f118e0e337a" = Jewel Match 3
"WTA-ad14a649-1367-4557-a588-ffb28157aa95" = Dora's World Adventure
"WTA-eb356ef9-d705-449c-aae5-53ae670467fd" = Virtual Villagers 5 - New Believers
"WTA-f3e5c38c-a3cb-424d-8ad6-7de969af51a1" = Bejeweled 2 Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2560925396-3286970015-408714028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2012 6:05:52 PM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/4/2012 6:05:55 PM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 2:11:35 AM | Computer Name = tardis | Source = WinMgmt | ID = 10
Description =

Error - 8/5/2012 3:43:25 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 3:43:28 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 6:21:00 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 6:21:01 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/5/2012 4:50:11 PM | Computer Name = tardis | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2012 7:10:41 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/6/2012 7:10:43 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 6/17/2012 3:21:44 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 2:21:44 PM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 6/26/2012 11:17:06 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 10:17:06 AM - Error connecting to the internet. 10:17:06 AM - Unable
to contact server..

Error - 6/26/2012 11:17:14 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 10:17:12 AM - Error connecting to the internet. 10:17:12 AM - Unable
to contact server..

Error - 7/6/2012 12:01:11 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 11:01:11 AM - Error connecting to the internet. 11:01:11 AM - Unable
to contact server..

Error - 7/6/2012 12:01:20 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 11:01:16 AM - Error connecting to the internet. 11:01:16 AM - Unable
to contact server..

Error - 7/13/2012 10:27:12 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 9:27:12 AM - Error connecting to the internet. 9:27:12 AM - Unable
to contact server..

Error - 7/13/2012 10:27:18 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 9:27:17 AM - Error connecting to the internet. 9:27:17 AM - Unable
to contact server..

[ System Events ]
Error - 9/14/2012 3:18:35 PM | Computer Name = tardis | Source = DCOM | ID = 10005
Description =

Error - 9/14/2012 3:18:38 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/14/2012 3:21:29 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/14/2012 3:22:55 PM | Computer Name = tardis | Source = Application Popup | ID = 1060
Description = \??\C:\nothappy\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 9/14/2012 3:22:55 PM | Computer Name = tardis | Source = Application Popup | ID = 1060
Description = \??\C:\nothappy\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 9/14/2012 3:23:26 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/14/2012 3:24:02 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 9/14/2012 3:28:58 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 9/14/2012 3:29:03 PM | Computer Name = tardis | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.135.1218.0).

Error - 9/14/2012 4:48:20 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the PlugPlay service.


< End of report >


The methods I tried are as follows:
Malwarebytes
Hitman pro
combofix
file and regassassin
otl
otm
Rkill
goored fix

I don't know if this will help but here is a log from hitman pro

HitmanPro 3.6.1.164
www.hitmanpro.com

   Computer name . . . . : TARDIS
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : tardis\Timelord
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2012-09-12 03:11:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 6

   Objects scanned . . . : 1,025,869
   Files scanned . . . . : 19,700
   Remnants scanned  . . : 211,463 files / 794,706 keys

Malware _____________________________________________________________________

   C:\Users\Timelord\Desktop\cc319_setup.exe -> Quarantined
      Size . . . . . . . : 873,883 bytes
      Age  . . . . . . . : 0.1 days (2012-09-12 00:03:40)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 42582AEA1F5E6103829BA7D856DA7EDAD0FA291402248C55BD97DE35BC2FB790
    > a-Squared  . . . . : Trojan.Downloader.Win32.AMN!A2
      Fuzzy  . . . . . . : 116.0


Cookies _____________________________________________________________________

   C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Cookies\586V8SDT.txt
   C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Cookies\5BN1UVQ2.txt
   C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Cookies\CS66QGEI.txt
   C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Cookies\DDYCCQU1.txt
   C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Cookies\LP0CR9O7.txt



finally stopped and asked for help. If you need more info or I did not make this understandable please tell me. Thank You

Edited by timelord1371, 19 September 2012 - 09:11 PM.

  • 0

#4
Gammo
Posted 20 September 2012 - 03:51 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2560925396-3286970015-408714028-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/12 00:04:44 | 000,000,000 | ---D | M]
[1832/11/28 23:51:36 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[2012/02/11 03:52:01 | 000,002,519 | ---- | M] () -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\Search_Results.xml
[2012/09/12 00:04:31 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/11 03:52:01 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/09/12 00:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/12 00:04:30 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Babylon

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
timelord1371
Posted 20 September 2012 - 06:35 PM

timelord1371

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Noticing babylon now has more visible files than i have seen. Here is combo log:

ComboFix 12-09-20.02 - Timelord 09/20/2012 19:11:45.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.923 [GMT -5:00]
Running from: c:\users\Timelord\Desktop\nothappy.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 00:17 . 2012-09-21 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-21 00:00 . 2012-09-21 00:00 -------- d-----w- C:\_OTL
2012-09-20 18:17 . 2012-09-20 18:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A0CF59C-A7E6-4B23-BC08-E9E85A4AD44C}\offreg.dll
2012-09-19 07:44 . 2012-09-19 07:58 -------- d-----w- C:\nothappy
2012-09-18 23:23 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A0CF59C-A7E6-4B23-BC08-E9E85A4AD44C}\mpengine.dll
2012-09-17 04:18 . 2012-09-17 04:18 -------- d-----w- C:\_OTM
2012-09-17 03:59 . 2012-09-17 03:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-16 11:01 . 2012-09-16 11:01 -------- d-----w- c:\users\Timelord\AppData\Local\Macromedia
2012-09-16 11:00 . 2012-09-16 11:00 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-16 11:00 . 2012-09-16 11:00 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-12 09:49 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 09:49 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 09:48 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 09:48 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 09:48 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 09:48 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 09:48 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 05:05 . 2012-09-12 05:05 -------- d-----w- c:\program files (x86)\TGF Interactive
2012-09-12 05:04 . 2012-09-12 08:52 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2012-09-12 05:04 . 2012-09-12 05:04 304 ----a-w- C:\user.js
2012-09-12 05:04 . 2012-09-12 05:04 -------- d-----w- c:\program files (x86)\RegpairSetup
2012-09-12 04:57 . 2012-09-12 08:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-12 04:43 . 2012-09-12 04:43 -------- d-----w- c:\program files\HitmanPro
2012-09-12 04:42 . 2012-09-12 04:57 -------- d-----w- c:\programdata\HitmanPro
2012-08-31 05:30 . 2012-09-09 02:24 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 08:00 . 2012-03-05 02:39 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 22:04 . 2012-06-05 22:15 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 22:26 . 2012-07-26 22:26 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-18 18:15 . 2012-08-14 20:46 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 15:54 . 2012-07-13 15:55 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-13 15:28 . 2012-06-27 16:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-13 15:28 . 2012-06-27 16:52 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-13 15:27 . 2012-06-27 16:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-06 17:23 . 2012-06-13 23:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-06 17:23 . 2012-06-13 23:08 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-06 17:23 . 2012-06-13 23:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-06 17:23 . 2012-06-13 23:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-06 03:06 . 2012-07-13 15:55 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:16 . 2012-08-14 20:46 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 20:46 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 20:46 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 20:46 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 08:03 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 08:03 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 08:03 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 08:03 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 08:03 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 08:03 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 08:03 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 08:03 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 08:03 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 08:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 08:03 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 08:03 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 08:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 08:03 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 08:03 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 08:03 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 08:03 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 08:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 08:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-27 16:51 . 2012-06-27 16:51 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-23 19:00 . 2012-06-23 18:55 23748738 ----a-w- c:\users\Timelord\tor-browser-2.2.37-1_en-US.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-19_07.53.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-20 03:07 45372 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-21 00:04 38570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-01 04:01 . 2012-09-21 00:04 10178 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2560925396-3286970015-408714028-1000_UserData.bin
- 2012-02-01 18:57 . 2012-09-13 09:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-01 18:57 . 2012-09-19 09:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-09-19 09:00 . 2012-09-19 09:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-19 09:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-13 09:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-09-20 19:03 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-09-19 07:52 . 2012-09-19 07:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-21 00:18 . 2012-09-21 00:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-21 00:18 . 2012-09-21 00:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-19 07:52 . 2012-09-19 07:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-01 06:15 . 2012-09-20 23:46 200690 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-09-19 01:49 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-21 00:06 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-19 01:49 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-21 00:06 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-09-21 00:17 244048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-19 07:52 244048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-01 04:34 . 2012-09-21 00:17 36330928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2560925396-3286970015-408714028-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-01-14 74840]
R3 cpuz134;cpuz134;c:\users\Timelord\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-04 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-09-12 108392]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DirMngr;DirMngr;c:\users\Timelord\Downloads\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-04 517632]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1109096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-21 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-05-11 11:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-01-26 368728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 419096]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
IE: Translate Selection - c:\program files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d408b2ff000000000000d0df9ad1756a&q=
FF - user.js: extensions.BabylonToolbar.id - d408b2ff000000000000d0df9ad1756a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15595
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.120:04
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110185&tt=3712_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
**************************************************************************
.
Completion time: 2012-09-20 19:22:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-21 00:22
ComboFix2.txt 2012-09-19 07:58
ComboFix3.txt 2012-09-14 19:29
ComboFix4.txt 2012-09-11 22:20
.
Pre-Run: 184,869,801,984 bytes free
Post-Run: 184,999,698,432 bytes free
.
- - End Of File - - 1C34EEDA51D1D7A92FB5C6BF8234CCDD
  • 0

#6
Gammo
Posted 22 September 2012 - 01:10 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Are you still experiencing any problems? If so, please try to explain to me in details what they are.
  • 0

#7
timelord1371
Posted 22 September 2012 - 04:24 PM

timelord1371

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I have been using malwarebytes. It doesn't seem to catch everything. I am still seeing most things under control of unknown account. What might this be?

LOG:


Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Timelord :: TARDIS [administrator]

Protection: Enabled

9/22/2012 5:18:16 PM
mbam-log-2012-09-22 (17-18-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 200015
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8
timelord1371
Posted 22 September 2012 - 05:08 PM

timelord1371

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is a list of other problems I am having.

cc319_setup.exe.......telling me it is a trojan
LhootSAHook.dll.......telling me it is riskware

All the things I am seeing now doesn't get detected I go looking for the unknown files. Seems to be so much I thought a total wipe could just let me have a do-over. Rather not do a wipe though. Tis why I am here.
  • 0

#9
Gammo
Posted 23 September 2012 - 04:08 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
C:\Users\Timelord\AppData\Local\Cyberlink\Adobe
C:\Users\Timelord\AppData\Local\LhootSA
C:\Users\Timelord\Desktop\cc319_setup.exe
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#10
timelord1371
Posted 24 September 2012 - 10:12 PM

timelord1371

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Couldn't uninstall combofix. I will examine and see if any more things i may have forgotten to mention. thank you very much
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP