Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Trojan.Downloader" help


  • This topic is locked This topic is locked
13 replies to this topic

#1 Nero92

Nero92

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 29 August 2012 - 01:39 PM

Hi everyone,

I was browsing this site for a possible solution to my problem but haven't found a duplicate post. I've run both Malwarebytes and SUPERAntiSpyware, which solved most of my computer's problems. However Malwarbytes turns up 5 objects after a scan, I've scanned and rebooted several times already and each time these 5 objects persist. My computer doesn't have any huge problems, but I game online and end up with massive latency issues for no reason so I'm guessing on of these objects is the cause.

The object of most concern is: "c:\windows\syshost.exe" (trojan.downloader). I've seen similar posts about a "c:\windows\svchost.exe" but I'm not that great with techology so I didn't attempt any of the actions from these posts (ie. Combofix).

Thanks for any help you could provide.

Below is the log from Malwarebytes:

Database version: v2012.08.17.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Travis :: WRATH [administrator]

Protection: Disabled

19/08/2012 2:33:44 PM
mbam-log-2012-08-19 (14-33-44).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372557
Time elapsed: 56 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vGrabber (PUP.BundleInstaller.VG) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 87
C:\Program Files (x86)\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Users\Travis\AppData\Local\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\n (Rootkit.0Access) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\ahatfunt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\airaufejj.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ajcvemt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\aknjsrir.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\amrrsmsujf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\aqdwaqlga.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\bdhsmvesr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\bkxdocdca.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\bxumvpbj.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\bxxgm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\chrrsqwwb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\cikhzxjyw.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\cnxbs.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\cuzyad.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\cvddzbhbuz.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\czbtjlqcjv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\dderbcxj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\dtydmgduy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\duqyudqo.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\dzilc.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\edwihyokk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\eztiqwz.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\fastknaf.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\fktpzc.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\flsfigat.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\hfatyzc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\hszibi.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\igywtfsh.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ivmwt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\iwtbzbqojo.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\jafmbte.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\jfemkpmyf.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\kkzxoymxdb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\knurizvsc.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\kxtbmxqkri.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\lahwo.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ldrlmx.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\lochkzxkc.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\lsjnu.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\mhccacjv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\mijcqpqofp.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\mvhtsdpqt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\myognt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\novxmblus.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\nsgbmp.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\nzahjm.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ofxhrmfkpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ppknippwcz.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\pvooz.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\pxeqkt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\qdnhm.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\qhjsfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\rakqoflsr.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\rcjcn.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\rcohtlfj.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\rusoxy.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ruvvrijfvk.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ryxjb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\sbkotriykw.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\sdrootnzhd.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\slrsflielv.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\snzigzdxgx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\spxcxdlwb.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\sywwesu.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\tnsrtkennn.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\tolisdcd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\tzbajxil.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\uaodwpapc.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\unbfamgrw.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\vxyhdna.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\wcqiiuwgtt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\wfzkxu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\wjideqr.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\wlkgljoig.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\wmybpibzmp.exe (Trojan.XBuild402) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\xmsiqfml.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\xtplopioub.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\yblaxltzdr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\ziimhzrn.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
c:\windows\syshost.exe (Trojan.Downloader) -> Delete on reboot.
c:\users\travis\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:44 PM

Posted 29 August 2012 - 02:50 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Nero92

Nero92
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 29 August 2012 - 03:17 PM

Hey SweetTech,

No changes to my situation. I'm running Windows 7 on an i3 intel Core Acer Aspire Timeline, if you need any specs let me know. Issue was as specified in my prior post, all the malicious files found by Malwarebytes persists dispite the scans and reboots.

Thanks for your time!

PS running OTL will post logs ASAP

Edited by Nero92, 29 August 2012 - 03:19 PM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:44 PM

Posted 29 August 2012 - 03:27 PM

Okay, thanks for that information. I'll look forward to the OTL logs. :)

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Nero92

Nero92
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 29 August 2012 - 03:29 PM

OTL logfile created on: 8/29/2012 4:19:00 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Travis\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 50.90% Memory free
5.48 Gb Paging File | 3.29 Gb Available in Paging File | 59.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 19.35 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: WRATH | User Name: Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 16:18:29 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
PRC - [2012/08/29 14:41:01 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/08/15 22:04:25 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012/07/02 11:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 11:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2011/11/28 08:36:30 | 004,692,296 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/09 17:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 17:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/25 11:51:30 | 000,525,752 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2011/07/25 11:51:18 | 001,105,848 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/23 21:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/04/17 01:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 01:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 01:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 19:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 23:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/25 23:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/02/25 23:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/02/25 23:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/09 14:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/26 17:10:36 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/26 17:10:25 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/26 17:10:25 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/26 17:10:25 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/26 17:10:24 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/15 13:57:43 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/15 13:57:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/05/13 15:58:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/05/13 15:43:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 15:42:20 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/13 15:42:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/13 15:42:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/13 15:42:03 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/13 15:41:50 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/06/21 09:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011/06/20 09:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011/06/20 07:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011/06/20 07:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011/06/20 07:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011/06/20 07:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011/05/26 05:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011/05/26 05:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010/09/01 02:39:28 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/08 20:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 15:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/06/21 01:09:50 | 000,075,208 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\526ddae3acceb191.sys -- (526ddae3acceb191)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/23 13:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/04/22 13:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/02 11:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/11/15 17:54:27 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/09 17:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/25 11:51:18 | 001,105,848 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe -- (NIS)
SRV - [2010/04/17 01:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 19:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/02/25 23:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 22:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/21 01:09:50 | 000,075,208 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\526ddae3acceb191.sys -- (526ddae3acceb191)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/09 23:51:06 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/19 17:38:35 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/16 14:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/06 22:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/01 04:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/31 03:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/11 08:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 18:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/21 21:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 22:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 22:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 22:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/26 09:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/05/24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110902.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/21 22:27:16 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110903.002\EX64.SYS -- (NAVEX15)
DRV - [2011/08/21 22:27:16 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110903.002\ENG64.SYS -- (NAVENG)
DRV - [2011/07/27 20:04:01 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/27 20:04:01 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 20:27:21 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5820t&r=27360910m906l0403z1m5t5691k674
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5820t&r=27360910m906l0403z1m5t5691k674
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5820t&r=27360910m906l0403z1m5t5691k674
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\SearchScopes\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}: "URL" = http://gb.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA397
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\SearchScopes\{A7D140D7-C9BA-4F63-85CD-BFD07F04C789}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=CA&ver=17
IE - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/02/01 02:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_8_3 [2012/06/14 20:55:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF

[2010/10/15 12:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Extensions
[2010/10/15 12:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll File not found
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://nac2.resnet.uoguelph.ca/auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.215.0.249
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF843F65-3BEB-4470-8079-000C124118B1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4360A5F-C1E8-40F0-83D1-3EBFAE99FCBE}: DhcpNameServer = 24.215.0.249
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d1619f9-c8f3-11df-99eb-c80aa9ad948d}\Shell - "" = AutoRun
O33 - MountPoints2\{1d1619f9-c8f3-11df-99eb-c80aa9ad948d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{adb5d4ca-1e5f-11e0-a4ac-c80aa9ad948d}\Shell - "" = AutoRun
O33 - MountPoints2\{adb5d4ca-1e5f-11e0-a4ac-c80aa9ad948d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{d482d9eb-6800-11e0-890d-c80aa9ad948d}\Shell - "" = AutoRun
O33 - MountPoints2\{d482d9eb-6800-11e0-890d-c80aa9ad948d}\Shell\AutoRun\command - "" = D:\StartClickFreeBackup.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartClickFreeBackup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 16:18:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
[2012/08/29 14:00:28 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{FBA29D07-B60E-4973-93E1-0A8C520E84F6}
[2012/08/29 13:45:34 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/29 13:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/29 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/29 13:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/29 13:34:09 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/29 13:24:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/29 13:18:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/29 12:52:18 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{C056C0A2-3E66-4676-AA5F-6DCD3DB61E14}
[2012/08/28 20:20:25 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{AEE4372A-1483-4134-9F49-26279043885E}
[2012/08/20 15:33:16 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{0A25D253-9E4D-46F0-B825-C2B81205E5FC}
[2012/08/19 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{D2459528-BE1F-40FB-A87D-6B0A306DF4CD}
[2012/08/18 22:00:28 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{F1DEC97F-6D9B-4B81-8272-DDCC61494BB8}
[2012/08/17 21:38:13 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{1AE4F5F7-2627-43C4-A52D-097F0E1EBD5F}
[2012/08/17 21:37:58 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{CEBE8AA9-B46F-4953-91A2-E1318B7034F4}
[2012/08/17 12:26:15 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{30DDD9E3-0D26-44CB-A293-7C49358B4F66}
[2012/08/17 12:26:01 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{A59113A4-242F-405B-95E3-AF4870FF42AB}
[2012/08/17 12:07:00 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Roaming\Malwarebytes
[2012/08/17 12:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/17 12:06:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/17 12:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/17 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/15 22:03:58 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{19989AA5-44DD-4A70-AECE-8EF9328A29FF}
[2012/08/15 22:03:20 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{55BF29D8-F336-4454-8483-247A69C21D0F}
[2012/08/15 21:53:34 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012/08/15 21:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012/08/15 21:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanUp!
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 16:18:29 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
[2012/08/29 15:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/29 15:35:39 | 000,731,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/29 15:35:39 | 000,632,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/29 15:35:39 | 000,112,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/29 14:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/29 14:07:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 14:07:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 13:58:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/29 13:58:54 | 2207,326,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/29 13:51:17 | 000,001,441 | ---- | M] () -- C:\Users\Travis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/29 13:45:33 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/29 13:36:54 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
[2012/08/20 15:30:34 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/17 12:06:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/07 15:37:53 | 002,440,206 | ---- | M] () -- C:\Users\Travis\AppData\Local\[j0002]-[p14].bmp
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/29 13:45:33 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/29 13:37:58 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\800000cb.@
[2012/08/29 13:37:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\80000000.@
[2012/08/29 13:37:57 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\00000001.@
[2012/08/29 13:36:54 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
[2012/08/17 12:06:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/07 15:37:52 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0002]-[p14].bmp
[2012/03/20 03:26:25 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0008]-[p06].bmp
[2012/03/20 03:23:58 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0007]-[p06].bmp
[2012/02/17 18:20:23 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0003]-[p16].bmp
[2012/01/10 17:18:16 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\@
[2012/01/10 17:18:16 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\@
[2012/01/10 17:18:16 | 000,002,048 | -HS- | C] () -- C:\Users\Travis\AppData\Local\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\@
[2011/12/29 07:22:10 | 000,000,502 | ---- | C] () -- C:\ProgramData\1325157726.bdinstall.bin
[2011/12/29 07:19:01 | 000,000,502 | ---- | C] () -- C:\ProgramData\1325157535.bdinstall.bin
[2011/12/11 02:34:59 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/09 10:28:51 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0005]-[p04].bmp
[2011/03/07 22:16:51 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0008]-[p08].bmp
[2011/03/02 02:25:15 | 000,001,940 | ---- | C] () -- C:\Users\Travis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/02/16 02:11:24 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0012]-[p04].bmp
[2011/02/16 02:05:08 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0011]-[p04].bmp
[2011/02/16 02:04:28 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0010]-[p04].bmp
[2011/01/26 03:32:26 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/26 03:32:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/01/11 21:34:05 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0006]-[p04].bmp
[2011/01/02 23:39:15 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/20 18:59:32 | 000,000,235 | ---- | C] () -- C:\Users\Travis\AppData\Roaming\fixpermissions.bat
[2010/09/18 13:53:44 | 000,736,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/18 02:10:46 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll
[2010/09/18 02:10:46 | 000,031,744 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll
[2010/09/18 02:10:46 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll

< End of report >

OTL Extras logfile created on: 8/29/2012 4:19:00 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Travis\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 50.90% Memory free
5.48 Gb Paging File | 3.29 Gb Available in Paging File | 59.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 19.35 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: WRATH | User Name: Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-798728677-2915393756-2057532829-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AF2C88-A2D7-436D-A261-017865640E84}" = Imgur Uploader
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F6C4370-BD2C-4F1B-8E81-F4A7293E0455}" = Cisco NAC Agent
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CleanUp!" = CleanUp!
"DivX Setup.divx.com" = DivX Setup
"FBReader for Windows" = FBReader for Windows
"ffdshow_is1" = ffdshow v1.1.3996 [2011-10-13]
"Game Booster_is1" = Game Booster 3
"GameSpy Arcade" = GameSpy Arcade
"Giraffic" = Veoh Giraffic Video Accelerator
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"jZip" = jZip
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic)
"LManager" = Launch Manager
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Maple 14" = Maple 14 (32-bit)
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity
"Steam App 34030" = Napoleon: Total War
"Surf Canyon" = Surf Canyon Search Engine Assistant
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.11
"VobSub" = VobSub v2.23 (Remove Only)
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2012 7:03:00 AM | Computer Name = Wrath | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/6/2012 2:00:42 PM | Computer Name = Wrath | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/8/2012 8:24:16 PM | Computer Name = Wrath | Source = Application Hang | ID = 1002
Description = The program uTorrent.exe version 2.0.4.22150 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2d5c Start
Time: 01cd15e267020377 Termination Time: 10 Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe

Report
Id: 54073679-81da-11e1-bf96-c80aa9ad948d

Error - 4/12/2012 7:58:12 AM | Computer Name = Wrath | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/13/2012 8:36:39 AM | Computer Name = Wrath | Source = System Restore | ID = 8193
Description =

Error - 4/13/2012 7:09:48 PM | Computer Name = Wrath | Source = Application Hang | ID = 1002
Description = The program uTorrent.exe version 2.0.4.22150 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1c50 Start
Time: 01cd19ca45a17911 Termination Time: 3850 Application Path: C:\Program Files
(x86)\uTorrent\uTorrent.exe Report Id: bf994772-85bd-11e1-bf96-c80aa9ad948d

Error - 4/14/2012 2:13:25 PM | Computer Name = Wrath | Source = BugSplat | ID = 1
Description =

Error - 4/14/2012 7:35:29 PM | Computer Name = Wrath | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/15/2012 1:20:13 PM | Computer Name = Wrath | Source = Windows Search Service | ID = 3007
Description =

Error - 4/16/2012 5:14:09 AM | Computer Name = Wrath | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 10/5/2010 10:09:28 PM | Computer Name = Wrath | Source = MCUpdate | ID = 0
Description = 10:09:28 PM - Error connecting to the internet. 10:09:28 PM - Unable
to contact server..

Error - 10/5/2010 10:09:51 PM | Computer Name = Wrath | Source = MCUpdate | ID = 0
Description = 10:09:45 PM - Error connecting to the internet. 10:09:45 PM - Unable
to contact server..

[ System Events ]
Error - 8/29/2012 2:00:48 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7000
Description = The SASKUTIL service failed to start due to the following error: %%31

Error - 8/29/2012 2:00:49 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%31

Error - 8/29/2012 2:00:59 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 8/29/2012 2:00:59 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 8/29/2012 2:01:06 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7000
Description = The SASKUTIL service failed to start due to the following error: %%31

Error - 8/29/2012 2:02:15 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%31

Error - 8/29/2012 2:02:15 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%31

Error - 8/29/2012 2:02:27 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%31

Error - 8/29/2012 2:02:27 PM | Computer Name = Wrath | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%31

Error - 8/29/2012 2:04:34 PM | Computer Name = Wrath | Source = Ntfs | ID = 262199
Description =


< End of report >

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:44 PM

Posted 29 August 2012 - 03:48 PM

Hi!

It looks like we have some work to do here.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV:64bit: - [2012/06/21 01:09:50 | 000,075,208 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\526ddae3acceb191.sys -- (526ddae3acceb191)
    DRV:64bit: - [2012/06/21 01:09:50 | 000,075,208 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\526ddae3acceb191.sys -- (526ddae3acceb191)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.
    O3 - HKU\S-1-5-21-798728677-2915393756-2057532829-1000\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O33 - MountPoints2\{1d1619f9-c8f3-11df-99eb-c80aa9ad948d}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d1619f9-c8f3-11df-99eb-c80aa9ad948d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{adb5d4ca-1e5f-11e0-a4ac-c80aa9ad948d}\Shell - "" = AutoRun
    O33 - MountPoints2\{adb5d4ca-1e5f-11e0-a4ac-c80aa9ad948d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
    O33 - MountPoints2\{d482d9eb-6800-11e0-890d-c80aa9ad948d}\Shell - "" = AutoRun
    O33 - MountPoints2\{d482d9eb-6800-11e0-890d-c80aa9ad948d}\Shell\AutoRun\command - "" = D:\StartClickFreeBackup.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartClickFreeBackup.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
    [2012/08/29 14:00:28 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{FBA29D07-B60E-4973-93E1-0A8C520E84F6}
    [2012/08/29 12:52:18 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{C056C0A2-3E66-4676-AA5F-6DCD3DB61E14}
    [2012/08/28 20:20:25 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{AEE4372A-1483-4134-9F49-26279043885E}
    [2012/08/20 15:33:16 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{0A25D253-9E4D-46F0-B825-C2B81205E5FC}
    [2012/08/19 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{D2459528-BE1F-40FB-A87D-6B0A306DF4CD}
    [2012/08/18 22:00:28 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{F1DEC97F-6D9B-4B81-8272-DDCC61494BB8}
    [2012/08/17 21:38:13 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{1AE4F5F7-2627-43C4-A52D-097F0E1EBD5F}
    [2012/08/17 21:37:58 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{CEBE8AA9-B46F-4953-91A2-E1318B7034F4}
    [2012/08/17 12:26:15 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{30DDD9E3-0D26-44CB-A293-7C49358B4F66}
    [2012/08/17 12:26:01 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{A59113A4-242F-405B-95E3-AF4870FF42AB}
    [2012/08/15 22:03:58 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{19989AA5-44DD-4A70-AECE-8EF9328A29FF}
    [2012/08/15 22:03:20 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\{55BF29D8-F336-4454-8483-247A69C21D0F}
    [2012/08/07 15:37:53 | 002,440,206 | ---- | M] () -- C:\Users\Travis\AppData\Local\[j0002]-[p14].bmp
    [2012/08/29 13:37:58 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\800000cb.@
    [2012/08/29 13:37:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\80000000.@
    [2012/08/29 13:37:57 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\00000001.@
    [2012/08/29 13:36:54 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
    [2012/08/07 15:37:52 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0002]-[p14].bmp
    [2012/03/20 03:26:25 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0008]-[p06].bmp
    [2012/03/20 03:23:58 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0007]-[p06].bmp
    [2012/02/17 18:20:23 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0003]-[p16].bmp
    [2012/01/10 17:18:16 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\@
    [2012/01/10 17:18:16 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\@
    [2012/01/10 17:18:16 | 000,002,048 | -HS- | C] () -- C:\Users\Travis\AppData\Local\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\@
    [2011/12/29 07:22:10 | 000,000,502 | ---- | C] () -- C:\ProgramData\1325157726.bdinstall.bin
    [2011/12/29 07:19:01 | 000,000,502 | ---- | C] () -- C:\ProgramData\1325157535.bdinstall.bin
    [2011/03/09 10:28:51 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0005]-[p04].bmp
    [2011/03/07 22:16:51 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0008]-[p08].bmp
    [2011/02/16 02:11:24 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0012]-[p04].bmp
    [2011/02/16 02:05:08 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0011]-[p04].bmp
    [2011/02/16 02:04:28 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0010]-[p04].bmp
    [2011/01/11 21:34:05 | 002,440,206 | ---- | C] () -- C:\Users\Travis\AppData\Local\[j0006]-[p04].bmp
    [2010/09/20 18:59:32 | 000,000,235 | ---- | C] () -- C:\Users\Travis\AppData\Roaming\fixpermissions.bat
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Nero92

Nero92
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 29 August 2012 - 04:26 PM

Alright ran into a problem with OTL. I attempt to start the custom fix as directed. OTL gets to the "creating a restore point" phase then stops responding. I then get a OTL:OTL.exe corruption notification, and this note appears:

Files\Folders moved on Reboot...
File move failed. C:\Users\Travis\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CZTDEZG\page__gopid__2823288[1].htm scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8 Nero92

Nero92
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 29 August 2012 - 04:59 PM

This is the OTL:OTL.exe message:

The file or directory
c:\Users\Travis\AppData\Local\Microsoft\Windows\Temportary Internet Files\Conent.IE5\50BCAU9W is corrupt and unreadable. Please run the chkdsk utility.

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:44 PM

Posted 29 August 2012 - 05:26 PM

Hi!

Sorry to hear that! Please go ahead and proceed with the ComboFix instructions.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 Nero92

Nero92
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 29 August 2012 - 06:18 PM

Ran ComboFix without any problems, here's the report:

ComboFix 12-08-29.03 - Travis 29/08/2012 18:56:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2807.1507 [GMT -4:00]
Running from: c:\users\Travis\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\83E
c:\programdata\83E\{4F13183F-C325-4AAC-AB6E-5276D0EF390B}.swf
c:\windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\@
c:\windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\00000001.@
c:\windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\80000000.@
c:\windows\Installer\{a4e98a44-01b1-29c6-610f-1cd57e2be86c}\U\800000cb.@
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 23:03 . 2012-08-29 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 21:10 . 2012-08-29 21:10 -------- d-----w- C:\_OTL
2012-08-29 17:45 . 2012-08-29 17:45 -------- d-----w- c:\users\Travis\AppData\Roaming\SUPERAntiSpyware.com
2012-08-29 17:45 . 2012-08-29 17:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-29 17:45 . 2012-08-29 17:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-17 16:07 . 2012-08-17 16:07 -------- d-----w- c:\users\Travis\AppData\Roaming\Malwarebytes
2012-08-17 16:06 . 2012-08-17 16:06 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 16:06 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 16:06 . 2012-08-17 16:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-16 01:53 . 2012-08-16 01:53 -------- d-----w- c:\program files (x86)\CleanUp!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 19:17 . 2012-04-27 21:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 19:17 . 2011-06-06 17:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 01:12 . 2010-09-26 23:06 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 01:32 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 01:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:32 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 01:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 01:32 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 01:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 01:31 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-16 1353080]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-11-28 4692296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-04-24 124136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-07-25 525752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-5-16 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-19 834544]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110902.030\IDSvia64.sys [2011-08-23 488568]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S0 syshost32;syshost32;syshost32 [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-07-25 1105848]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 526ddae3acceb191
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 06:39]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 06:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-22 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-22 2040352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
"combofix"="c:\combofix\CF2496.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5820t&r=27360910m906l0403z1m5t5691k674
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 24.215.0.249
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://nac2.resnet.uoguelph.ca/auth/taweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\526ddae3acceb191]
"ImagePath"="\SystemRoot\System32\Drivers\526ddae3acceb191.sys"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\syshost32]
"ImagePath"="\"c:\windows\Installer\{751FCB3D-41E3-6682-A9D6-ABC0893C182C}\syshost.exe\" /service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files\Acer\Acer Updater\UpdaterService.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-08-29 19:16:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-29 23:16
.
Pre-Run: 35,628,236,800 bytes free
Post-Run: 35,228,209,152 bytes free
.
- - End Of File - - 8D69B293AA36D0DF13C80B4BA8C81D72

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:44 PM

Posted 30 August 2012 - 03:15 PM

Hi!

Please run the following script with ComboFix:

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\windows\Installer\{751FCB3D-41E3-6682-A9D6-ABC0893C182C}\syshost.exe
C:\System32\Drivers\526ddae3acceb191.sys"
ClearJavaCache::
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\syshost32]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\526ddae3acceb191]
Driver::
syshost32

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Please provide me with the requested logs above, as well as an update on how your computer is running.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Nero92

Nero92
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 30 August 2012 - 07:56 PM

Here are the logs as requested, I'll edit this post in a few hours with an update about my computers status

ComboFix 12-08-30.05 - Travis 30/08/2012 20:20:26.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2807.1660 [GMT -4:00]
Running from: c:\users\Travis\Desktop\ComboFix.exe
Command switches used :: c:\users\Travis\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\system32\Drivers\526ddae3acceb191.sys"
"c:\windows\Installer\{751FCB3D-41E3-6682-A9D6-ABC0893C182C}\syshost.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 00:27 . 2012-08-31 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 21:10 . 2012-08-29 21:10 -------- d-----w- C:\_OTL
2012-08-29 17:45 . 2012-08-29 17:45 -------- d-----w- c:\users\Travis\AppData\Roaming\SUPERAntiSpyware.com
2012-08-29 17:45 . 2012-08-29 17:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-29 17:45 . 2012-08-29 17:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-17 16:07 . 2012-08-17 16:07 -------- d-----w- c:\users\Travis\AppData\Roaming\Malwarebytes
2012-08-17 16:06 . 2012-08-17 16:06 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 16:06 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 16:06 . 2012-08-17 16:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-16 01:53 . 2012-08-16 01:53 -------- d-----w- c:\program files (x86)\CleanUp!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 19:17 . 2012-04-27 21:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 19:17 . 2011-06-06 17:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 01:12 . 2010-09-26 23:06 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 01:32 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 01:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:32 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 01:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 01:32 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 01:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 01:31 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-29_23.05.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-29 23:04 . 2012-08-29 23:04 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-08-31 00:28 . 2012-08-31 00:28 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-08-29 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-31 00:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-29 23:05 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-31 00:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-18 13:51 . 2012-08-29 23:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-18 13:51 . 2012-08-31 00:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-18 13:51 . 2012-08-29 23:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-18 13:51 . 2012-08-31 00:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-18 13:51 . 2012-08-31 00:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-18 13:51 . 2012-08-29 23:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-18 13:41 . 2012-08-31 00:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-18 13:41 . 2012-08-29 23:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-18 13:41 . 2012-08-29 23:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-18 13:41 . 2012-08-31 00:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-29 23:05 . 2012-08-29 23:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-31 00:28 . 2012-08-31 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-29 23:05 . 2012-08-29 23:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-31 00:28 . 2012-08-31 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-31 00:28 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-29 23:05 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-08-29 22:16 632268 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-29 23:30 632268 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-29 23:30 112102 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-29 22:16 112102 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-29 23:04 396628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-31 00:28 396628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-23 07:26 . 2012-08-31 00:28 645576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-798728677-2915393756-2057532829-1000-12288.dat
- 2010-10-23 07:26 . 2012-08-29 23:04 645576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-798728677-2915393756-2057532829-1000-12288.dat
- 2009-07-14 04:54 . 2012-08-29 20:04 2605056 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-30 02:23 2605056 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-26 04:52 . 2012-08-29 20:04 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-26 04:52 . 2012-08-30 02:23 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-16 1353080]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-11-28 4692296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-04-24 124136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-07-25 525752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-5-16 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-19 834544]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110902.030\IDSvia64.sys [2011-08-23 488568]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S0 syshost32;syshost32;syshost32 [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-07-25 1105848]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 526ddae3acceb191
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 06:39]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-18 06:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-22 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-22 2040352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
"combofix"="c:\combofix\CF5986.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5820t&r=27360910m906l0403z1m5t5691k674
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 24.215.0.249
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://nac2.resnet.uoguelph.ca/auth/taweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\526ddae3acceb191]
"ImagePath"="\SystemRoot\System32\Drivers\526ddae3acceb191.sys"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\syshost32]
"ImagePath"="\"c:\windows\Installer\{751FCB3D-41E3-6682-A9D6-ABC0893C182C}\syshost.exe\" /service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files\Acer\Acer Updater\UpdaterService.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-08-30 20:39:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 00:39
ComboFix2.txt 2012-08-29 23:16
.
Pre-Run: 34,285,121,536 bytes free
Post-Run: 33,773,805,568 bytes free
.
- - End Of File - - E3B4655A1814644D935139BDBAC985BC

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Travis :: WRATH [administrator]

Protection: Disabled

30/08/2012 8:42:03 PM
mbam-log-2012-08-30 (20-42-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201999
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
c:\windows\syshost.exe (Trojan.Downloader) -> Delete on reboot.
c:\users\public\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\users\travis\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.

(end)

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:44 PM

Posted 31 August 2012 - 05:13 PM

Hi!

I'm giving you a different script to run with ComboFix.

I hope that this will do the trick and remove the nasties. If not, we will have to try going at this from an alternative environment. If we have to do that, it will require us to utilize a USB (Flash) drive.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Rootkit::
c:\system32\Drivers\526ddae3acceb191.sys
c:\windows\Installer\{751FCB3D-41E3-6682-A9D6-ABC0893C182C}\syshost.exe
c:\windows\syshost.exe
c:\users\public\appdata\local\temp\syshost.exe
c:\users\travis\appdata\local\temp\syshost.exe
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe
c:\windows\temp\syshost.exe
ClearJavaCache::
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\syshost32]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\526ddae3acceb191]
Driver::
syshost32
526ddae3acceb191

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:44 PM

Posted 29 September 2012 - 07:16 PM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users