For about a week now I have been meticulously going through my computer looking, and I can't believe I let this happen, as I normally try and stay on top. I noticed right away the Google redirect named happili. I hardly ever use Google anymore and this is why. Here is the list of things that I was able to uncover:
Adobe reader x.....still here
apple update.......still here
jucheck...........haven't seen it today not sure if I got it off for good
happili........gone or hiding
bho.............gone or hiding
seen quite a few permissions that I can't change under unknown or garbled numbers and letters as users hijacking
free window registry repair seems to be one also
babylon
browser manager i am suspecting
blinkx beat
I have just run OTL and will now send the logs. My problems now seem to be the hidden things and not the easy to remove (or so one thinks) more recognized named ones. I have gotten to the point where I wanna wipe it all and throw it in a lake lol or wipe and run Linux from a stick upon boot. List of things I have tried.....
combofix
hitman pro
malwarebytes
free window registry repair
rkill
fileassassin
I seem to have removed the easy to see stuff, but a lot is still there hiding. Any assistance greatly appreciated.
OTL logfile created on: 9/16/2012 2:47:49 AM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Timelord\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.86 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 40.29% Memory free
3.71 Gb Paging File | 1.87 Gb Available in Paging File | 50.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 171.36 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
Computer Name: TARDIS | User Name: Timelord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/16 02:28:25 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
PRC - [2012/09/08 21:24:25 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/11 03:45:40 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/15 09:06:12 | 000,052,608 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\Common Files\DivX Shared\DesktopService\DDMService.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/05/20 13:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/05/09 20:41:56 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/14 06:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 06:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 06:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () -- C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe
PRC - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
========== Modules (No Company Name) ==========
MOD - [2012/09/08 21:24:25 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/09/11 23:43:43 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2011/05/10 16:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/08 21:24:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/20 21:32:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/26 01:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/03/14 06:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 10:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Users\Timelord\Downloads\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2011/02/01 00:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 00:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 00:48:49 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 04:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/25 05:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/01/13 22:01:44 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/01/04 12:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/08 05:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/05/04 10:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/04 10:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://duckduckgo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/28 21:54:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/21 00:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 21:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 23:50:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/12 00:04:44 | 000,000,000 | ---D | M]
[2012/07/13 19:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Extensions
[2012/09/12 05:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions
[2012/09/01 00:34:24 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[1832/11/28 23:51:36 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\extensions\[email protected]
[2012/09/12 00:50:37 | 000,010,316 | ---- | M] () -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\duckduckgo.xml
[2012/02/11 03:52:01 | 000,002,519 | ---- | M] () -- C:\Users\Timelord\AppData\Roaming\Mozilla\Firefox\Profiles\6qad75db.default\searchplugins\Search_Results.xml
[2012/07/13 19:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/08 21:24:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/12 00:04:31 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/31 00:30:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 03:52:01 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 00:30:11 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/09/14 14:24:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O8 - Extra context menu item: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A130A72-9EF6-42C2-BBBC-1A5BF9E45E7A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/09/16 02:28:09 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
[2012/09/15 02:32:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/15 02:15:54 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Users\Timelord\Desktop\startuplite-setup-1.07.exe
[2012/09/15 02:13:28 | 000,065,232 | ---- | C] (Malwarebytes) -- C:\Users\Timelord\Desktop\regassassin-setup-1.03.exe
[2012/09/14 14:24:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/14 14:23:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/12 01:43:18 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\snake
[2012/09/12 00:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TGF Interactive
[2012/09/12 00:04:48 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/09/12 00:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/09/12 00:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2012/09/12 00:04:46 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/12 00:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/12 00:04:30 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Babylon
[2012/09/12 00:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegpairSetup
[2012/09/11 23:57:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/09/11 23:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/09/11 23:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/11 23:42:11 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\Timelord\Desktop\HitmanPro36_x64.exe
[2012/09/11 17:07:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/11 17:07:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/11 17:07:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/11 17:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/11 17:06:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/11 17:05:22 | 004,759,433 | R--- | C] (Swearware) -- C:\Users\Timelord\Desktop\nothappy.exe
[2012/09/11 17:04:59 | 000,000,000 | ---D | C] -- C:\Users\Timelord\Desktop\not happy
[2012/08/25 11:45:44 | 000,000,000 | R--D | C] -- C:\Users\Timelord\Desktop\Heinz 57
[2012/08/21 00:53:27 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Local\DDMSettings
[2012/08/18 12:37:30 | 000,000,000 | ---D | C] -- C:\Users\Timelord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bicycle
[2012/08/18 12:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bicycle
========== Files - Modified Within 30 Days ==========
[2012/09/16 02:30:01 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Data Sending task.job
[2012/09/16 02:28:25 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Timelord\Desktop\OTL.exe
[2012/09/15 22:54:54 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 22:54:54 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/15 22:49:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/15 10:46:05 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/15 10:46:05 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/15 10:46:05 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/15 10:41:47 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012/09/15 10:41:41 | 1494,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/15 02:15:54 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Users\Timelord\Desktop\startuplite-setup-1.07.exe
[2012/09/15 02:13:32 | 000,065,232 | ---- | M] (Malwarebytes) -- C:\Users\Timelord\Desktop\regassassin-setup-1.03.exe
[2012/09/14 14:24:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/12 20:36:02 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/09/12 03:22:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/09/12 00:04:48 | 000,001,035 | ---- | M] () -- C:\Users\Timelord\Desktop\Free Window Registry Repair.lnk
[2012/09/12 00:04:35 | 000,000,304 | ---- | M] () -- C:\user.js
[2012/09/11 23:43:43 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/09/11 23:42:19 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\Timelord\Desktop\HitmanPro36_x64.exe
[2012/09/11 17:05:32 | 004,759,433 | R--- | M] (Swearware) -- C:\Users\Timelord\Desktop\nothappy.exe
[2012/09/11 15:52:47 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/09/11 15:04:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 12:27:58 | 000,007,667 | ---- | M] () -- C:\Users\Timelord\AppData\Local\Resmon.ResmonCfg
[2012/09/10 11:09:35 | 023,755,885 | ---- | M] (Igor Pavlov) -- C:\Users\Timelord\Desktop\tordate2.exe
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/30 23:13:58 | 000,000,218 | ---- | M] () -- C:\Users\Timelord\.recently-used.xbel
[2012/08/21 00:52:39 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/21 00:52:22 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
========== Files Created - No Company Name ==========
[2012/09/15 10:41:47 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012/09/15 00:46:49 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Acer Registration - Data Sending task.job
[2012/09/12 20:36:02 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/09/12 00:04:48 | 000,001,035 | ---- | C] () -- C:\Users\Timelord\Desktop\Free Window Registry Repair.lnk
[2012/09/12 00:04:35 | 000,000,304 | ---- | C] () -- C:\user.js
[2012/09/11 23:43:43 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/09/11 17:07:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/11 17:07:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/11 17:07:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/11 17:07:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/11 17:07:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/11 15:52:36 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/09/10 12:27:58 | 000,007,667 | ---- | C] () -- C:\Users\Timelord\AppData\Local\Resmon.ResmonCfg
[2012/08/30 23:13:58 | 000,000,218 | ---- | C] () -- C:\Users\Timelord\.recently-used.xbel
[2012/08/21 00:52:22 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/21 00:52:03 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/06/24 02:25:45 | 000,006,035 | ---- | C] () -- C:\Users\Timelord\cassidy.asc
[2011/07/14 11:20:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/14 11:20:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/14 11:20:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
========== LOP Check ==========
[2012/09/15 03:37:19 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\Babylon
[2012/09/12 01:27:35 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\gnupg
[2012/08/30 20:04:45 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\gtk-2.0
[2012/07/13 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\poclbm
[2012/05/05 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\PowerCinema
[2012/04/19 01:04:18 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\TrueCrypt
[2012/06/29 09:40:16 | 000,000,000 | ---D | M] -- C:\Users\Timelord\AppData\Roaming\WildTangent
[2012/09/16 02:30:01 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Data Sending task.job
[2012/09/12 14:15:52 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/05/31 22:35:36 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\뾠Ä
[2012/05/31 22:35:36 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\뾠Ä
< End of report >
OTL Extras logfile created on: 9/16/2012 2:47:49 AM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Timelord\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.86 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 40.29% Memory free
3.71 Gb Paging File | 1.87 Gb Available in Paging File | 50.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 171.36 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
Computer Name: TARDIS | User Name: Timelord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A52AB3A-6999-455A-99AB-A0157F53B5C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{12A5E838-5799-4E56-9719-1368A016BA86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AAE1A31-B60A-4E84-896B-FB98F992BD4E}" = rport=138 | protocol=17 | dir=out | app=system |
"{244F5CAE-5B95-4BB4-8005-7F9F8921B31F}" = rport=139 | protocol=6 | dir=out | app=system |
"{2942A09B-4322-4B62-AFF3-B26F0C26FA5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32547567-0665-4045-8BBC-85EA74968E8E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3CF6F651-BCF3-4741-B669-2762AA80CA5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54509B80-8C26-4E32-810F-E83D11308809}" = lport=445 | protocol=6 | dir=in | app=system |
"{59967599-3EB8-40DC-876D-50535D3FAA0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BB40877-FF3B-4CE9-81C7-12CEFAAEC198}" = rport=10243 | protocol=6 | dir=out | app=system |
"{66511527-BFF6-4A46-B169-7574452B236B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{710324AE-5A65-40F1-912A-6C39AA70851E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73E3F428-1936-4C9E-9D2E-B6F7516A612A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{753AF8B8-FE62-4AD9-80AA-EC8CF0228675}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{785763C4-48D7-4FC1-A5E2-909A38A2D32A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85071794-F117-4238-9240-1AF695F61B25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8C979A0F-73FC-4CA3-A739-67CC74C266C6}" = rport=137 | protocol=17 | dir=out | app=system |
"{8E71E9EB-AB85-45F6-AF88-22BBD4319E55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C60B2AB1-61D0-4819-A1E4-889BB96CBECA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA518683-167B-4F8B-8A78-AF5B96D5336E}" = rport=445 | protocol=6 | dir=out | app=system |
"{CECA6E80-B68F-4968-AF4B-FD1E0E670F2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6D70D55-E96A-4A8C-9B0C-92DFDBAC158E}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEC50325-5F6D-4670-AD2B-3BD5ED72634E}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081AB592-DE10-4C29-85B4-48374A9CBCE2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{0EA89E12-D4E9-4EC2-B539-19249CC16CEF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{13B1AB35-91F1-4E81-B351-F3614157D5FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13C015D3-A3CE-43F9-9DF5-8D0777EE3AA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A3FF2A2-47F5-49E8-9ADE-B43E99142F9E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1D4F538D-FC7B-4F04-8D3B-B3A50667F653}" = protocol=17 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"{21B0551D-344D-4D8E-85C4-DF6C559BF987}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{36B68BD9-CE4D-4EC6-BE90-38962171247A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{397908C1-C55F-4FD7-AC11-F2431E97194A}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{3BDB31BF-B1B0-40CA-ADA2-CB40D384A7CD}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{444EE982-511A-4913-B83E-A0415621F288}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{452314EB-634F-4693-B551-F4A9390B7FE0}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{4D4BAD19-299C-4B10-9319-0EFB7D797618}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{4D5550C9-A0D4-4882-8CEC-6F47FDE0DABA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4D5813FE-54EB-40BF-8296-5B926FE396D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{545E8CC4-BC1E-4DDA-B792-15B500F7DBEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64938223-6A5F-4F5F-A5FA-831E75CB7976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{66D5511F-9E36-4359-ABBA-465738A53964}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68122405-2DCE-4EC4-8194-052C43FC6CD3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68CA4928-C56A-4886-98B0-A489FAB50A89}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{70E83044-C2B4-4551-BE61-D326E44CF2EA}" = protocol=6 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"{7A1183C0-9B7E-4410-8AFB-B0CFDA1779AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{800CA7FE-13CE-4BC5-A0B5-7FB08C5EDA9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95C0D198-FDD5-465C-A7E5-9E10E667204F}" = protocol=17 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
"{A0A90567-6955-4B78-A7CE-EF64D47B2207}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8D309C9-3E9D-4A3D-8837-F00394A588C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C149BC3E-18D1-4332-8C54-71002003D1C7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{C1543C11-8088-4292-939F-EEB9A5C8772A}" = protocol=6 | dir=out | app=system |
"{C41CFA0C-3225-404D-B2CB-C457256A6B02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C7001B9D-85A4-42D0-8913-2749FB8980C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9B2AABE-B667-4A2B-9A2E-B3A85750BC4D}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"{D2F0D842-8E82-4554-99D7-9966C897819E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D59D16B9-8BC4-43CF-B8BE-9920AC1381D8}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{DA7C8EE4-2539-4695-AB72-A69F1683D347}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"{DE1E049B-8A26-42DB-926D-9CEF677FEF5B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E4308FC4-DC56-4B71-AA34-5D106899CF33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5CEF7A0-0EF1-4D55-8569-2BCD5FCC974B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F4971A23-2A6C-4E7B-AF3A-300683CA6DAF}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{FA65B0B7-81F3-4717-A013-78B789C9CD63}" = protocol=6 | dir=in | app=c:\program files (x86)\att-hsi\mccibrowser.exe |
"{FE802835-ADF4-476E-B613-8F327873665E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2CD8B984-A30C-4E70-B42D-ADCB45E6D935}E:\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
"TCP Query User{97F33BD5-9E6A-4AAA-B3BC-D8D1415C0B7D}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{D167788B-FFBA-4E26-96F1-41D9B4A725E5}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{3D389426-8F2C-4A2A-A2D0-F440E8367F2D}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{40C1999D-F728-41AA-B006-1B743759A4FE}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{F83049C5-9634-402C-921C-648B087ED41B}E:\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=e:\bitcoin\bitcoin-qt.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AC6FC35-8E40-4380-8E21-E117199738D3}" = Translate Genius
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB398DDB-0E7B-400B-A940-7E61FB91A531}" = Alcor Micro USB Card Reader
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECAD1063-CF2B-45F3-7946-A8B970007A80}" = Intel® SDK for OpenCL* Applications 2012
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"AmUStor" = Alcor Micro USB Card Reader
"BN_DesktopReader" = NOOK for PC
"DivX Setup" = DivX Setup
"Free Window Registry Repair" = Free Window Registry Repair
"GPG4Win" = Gpg4win (2.1.0)
"Identity Card" = Identity Card
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 15.0" = RealPlayer
"Solitaire" = Solitaire (remove only)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.1
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09865b5d-dbbb-42a5-9e21-0911ae3bc1e1" = Chuzzle Deluxe
"WTA-22148bcd-cdcb-432b-b1a3-255a4ca88370" = Governor of Poker 2 Premium Edition
"WTA-32ce7ac7-df20-4f64-a36b-c7f9d307b6d5" = FATE: The Cursed King
"WTA-42a78965-05f4-4c5a-9f07-ab6633e72188" = Final Drive: Nitro
"WTA-45bc88a8-da54-4104-a4a5-a161013856fe" = Torchlight
"WTA-631779f2-102e-4d0d-92f3-10776e1f37e1" = Build-a-lot 4 - Power Source
"WTA-64a3eb7e-8848-4d12-896b-941558503513" = Agatha Christie - Death on the Nile
"WTA-73d33827-15d7-4263-bcc3-a82875e8495c" = Penguins!
"WTA-7d5a13d5-cd66-43bf-84c2-ee29dec72e54" = Chronicles of Albian
"WTA-8128a357-86e6-418a-9f09-d9f999e75bd1" = Cradle of Rome 2
"WTA-8314bf59-b0a6-4503-96ab-230da3049e15" = Polar Golfer
"WTA-8b958470-544f-459c-84f4-6b1b4994beaf" = Polar Bowler
"WTA-945143bb-2a26-4792-9d78-894cf508db30" = Mystery of Mortlake Mansion
"WTA-9eeca8d2-3588-4eaf-abd2-1c5d0ddf0ee1" = Plants vs. Zombies - Game of the Year
"WTA-a221c363-6068-4c86-9299-d4bb17a43b08" = Zuma's Revenge
"WTA-a3ac135f-0aaf-430e-8fd9-2f118e0e337a" = Jewel Match 3
"WTA-ad14a649-1367-4557-a588-ffb28157aa95" = Dora's World Adventure
"WTA-eb356ef9-d705-449c-aae5-53ae670467fd" = Virtual Villagers 5 - New Believers
"WTA-f3e5c38c-a3cb-424d-8ad6-7de969af51a1" = Bejeweled 2 Deluxe
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/4/2012 6:05:52 PM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.
Error - 8/4/2012 6:05:55 PM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.
Error - 8/5/2012 2:11:35 AM | Computer Name = tardis | Source = WinMgmt | ID = 10
Description =
Error - 8/5/2012 3:43:25 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.
Error - 8/5/2012 3:43:28 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.
Error - 8/5/2012 6:21:00 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.
Error - 8/5/2012 6:21:01 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.
Error - 8/5/2012 4:50:11 PM | Computer Name = tardis | Source = WinMgmt | ID = 10
Description =
Error - 8/6/2012 7:10:41 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.
Error - 8/6/2012 7:10:43 AM | Computer Name = tardis | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\NTI\acer
backup manager\Migrate\OutlookMsgNet64.exe".Error in manifest or policy file "c:\program
files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
on line 11. Component identity found in manifest does not match the identity of
the component requested. Reference is Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition
is Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please
use sxstrace.exe for detailed diagnosis.
[ Media Center Events ]
Error - 6/17/2012 3:21:44 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 2:21:44 PM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')
Error - 6/26/2012 11:17:06 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 10:17:06 AM - Error connecting to the internet. 10:17:06 AM - Unable
to contact server..
Error - 6/26/2012 11:17:14 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 10:17:12 AM - Error connecting to the internet. 10:17:12 AM - Unable
to contact server..
Error - 7/6/2012 12:01:11 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 11:01:11 AM - Error connecting to the internet. 11:01:11 AM - Unable
to contact server..
Error - 7/6/2012 12:01:20 PM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 11:01:16 AM - Error connecting to the internet. 11:01:16 AM - Unable
to contact server..
Error - 7/13/2012 10:27:12 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 9:27:12 AM - Error connecting to the internet. 9:27:12 AM - Unable
to contact server..
Error - 7/13/2012 10:27:18 AM | Computer Name = tardis | Source = MCUpdate | ID = 0
Description = 9:27:17 AM - Error connecting to the internet. 9:27:17 AM - Unable
to contact server..
[ System Events ]
Error - 9/14/2012 3:18:35 PM | Computer Name = tardis | Source = DCOM | ID = 10005
Description =
Error - 9/14/2012 3:18:38 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068
Error - 9/14/2012 3:21:29 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 9/14/2012 3:22:55 PM | Computer Name = tardis | Source = Application Popup | ID = 1060
Description = \??\C:\nothappy\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 9/14/2012 3:22:55 PM | Computer Name = tardis | Source = Application Popup | ID = 1060
Description = \??\C:\nothappy\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 9/14/2012 3:23:26 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 9/14/2012 3:24:02 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
Error - 9/14/2012 3:28:58 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126
Error - 9/14/2012 3:29:03 PM | Computer Name = tardis | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.135.1218.0).
Error - 9/14/2012 4:48:20 PM | Computer Name = tardis | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the PlugPlay service.
< End of report >
THANK YOU