
What is AutoCompletePro? I want to remove it, and it won't go away.



AutoCompletePro Help!!

Okay here's the summary:

Recently a few days ago, I decided I would convert a video from YouTube into a DVD. I downloaded Freecorder and DVDFlick, it made changes to my computer. But after downloading it, I learned that Freecorder's process of converting videos allowed for viruses. Also, it changed the appearance/toolbars of my web browsers of Mozilla Firefox and Internet Explorer. So I tried uninstalling it but I wasn't able to get rid of it. So I uninstalled Mozilla Firefox and removed the toolbars, but I wasn't able to get rid of it entirely. It left some files that were empty shells, example: a folder that was named Freecorder. No matter how many times I deleted the folder it would always come back. I decided I would rename the folder and delete it, it never appeared again. I then installed Mozilla Firefox again, the newest version I think. I uninstalled DVDFlick in fear that it was virus filled too. Thinking I had no problems in my computer, I began to normally search and surf the web. Next, I noticed this "AutoCompletePro" problem when I was typing in DeviantArt's search box. It gave me suggestions of things I never wanted to see. And it was very similar to this other person's picture. http://forums.malwar...howtopic=106199 Clicking on one of the suggestions led me to a different search engine with no name. After searching on what this "ACP" was, I found out that it was some sort of virus. I tried uninstalling it in programs but I could not find it anywhere. ACP had a disable function but whenever I pressed it, it would always come back.

My question is, what is AutoCompletePro? How can I get rid of it? Where did it most likely come from? Was it from Mozilla or something else? Is it safe? Do I need to worry? Please help me out, I'm really worried, and I'm not very tech-savvy when it comes to these virus things... -_-


Hello IneedHelpASAPossible and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

AutocompletePro is adware from Predictad. Predictad makes software to analyze traffic and researches from users.

http://www.autocompletepro.com/EULA/

"You hereby acknowledge that Application may send some private information to Simplygen or to Publisher"

It is not good for suggestions. :P

http://www.mywot.com/en/scorecard/autocompletepro.com?utm_source=addon&utm_content=popup-donuts

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt


Ok, I did everything you told me to do. I got MalwareBytes and ran the scan. Removed the files and restarted my computer. Next, I clicked the OTL and saved it. Ran the quick scan. And finished successfully. But I did encounter something else along the way, it popped up in the middle of the scanning:

NoDisk.png

Anyways, after that. The two text boxes appeared like you said. Here goes:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.22.03

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

user :: USER-PC [administrator]

Protection: Enabled

5/22/2012 2:35:24 PM

mbam-log-2012-05-22 (14-35-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203879

Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 1

C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 1

C:\Users\user\SoftonicDownloader_for_painttool-sai.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)

2012/05/22 14:34:28 -0700 USER-PC user MESSAGE Starting protection

2012/05/22 14:34:28 -0700 USER-PC user MESSAGE Executing scheduled update: Daily

2012/05/22 14:34:30 -0700 USER-PC user MESSAGE Database already up-to-date

2012/05/22 14:34:31 -0700 USER-PC user MESSAGE Protection started successfully

2012/05/22 14:34:34 -0700 USER-PC user MESSAGE Starting IP protection

2012/05/22 14:34:35 -0700 USER-PC user MESSAGE IP Protection started successfully

2012/05/22 14:45:16 -0700 USER-PC user MESSAGE Starting protection

2012/05/22 14:45:20 -0700 USER-PC user MESSAGE Protection started successfully

2012/05/22 14:45:23 -0700 USER-PC user MESSAGE Starting IP protection

2012/05/22 14:45:25 -0700 USER-PC user MESSAGE IP Protection started successfully

OTL Extras logfile created on: 5/22/2012 2:46:06 PM - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\user\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 74.73% Memory free

11.93 Gb Paging File | 10.31 Gb Available in Paging File | 86.45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 917.74 Gb Total Space | 736.97 Gb Free Space | 80.30% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1104266314-712857307-3192408507-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03E46E59-4922-4561-896C-6AE7AEB826D5}" = rport=137 | protocol=17 | dir=out | app=system |

"{0C2F156B-3F2B-4622-969C-1FF4FBDA64B6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0D2EBCC1-2BE1-4B6B-8A61-657B23EA92DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{14B28422-B0B2-45C8-9A8C-DA6F9AD018FA}" = lport=138 | protocol=17 | dir=in | app=system |

"{29BA30C4-1FD7-48AA-A4A3-0FAB15EEEF80}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{4841F379-5B7B-4D91-BC41-53042845B666}" = lport=137 | protocol=17 | dir=in | app=system |

"{4B4329D2-B684-4C72-89C2-D14324991BC9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{5677B2EF-E133-4F81-98AB-070A543A8795}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |

"{70CB4EAD-5FB6-4AA9-8BF3-9D4EACC9132E}" = lport=445 | protocol=6 | dir=in | app=system |

"{87A2FB6F-F0B2-424C-BF05-8A4E04103E10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{87C4513B-969D-4E5E-A583-5EEE44E45974}" = rport=139 | protocol=6 | dir=out | app=system |

"{932D3A9B-38B0-4B53-BFAF-1B88DF8D4871}" = rport=445 | protocol=6 | dir=out | app=system |

"{ABDCDBF8-44FD-4AD6-8BED-42ADAB1C306E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B7C16091-A3D5-494E-8664-F412EBBA3942}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{BA526B86-2848-4E93-AEB2-80200F1B29CB}" = rport=138 | protocol=17 | dir=out | app=system |

"{BCFC633A-C23C-489A-A2AC-971E7C2354E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C46735C5-76DD-474D-B5BC-3FBEF0FB6B25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C595EED4-2513-474C-97CF-19C9660DE1A2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{C854DF51-C74E-4A67-9987-02B32066F57A}" = lport=139 | protocol=6 | dir=in | app=system |

"{CD3A62B3-50EF-4446-B429-1FDED2FC3AC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D0AE6F57-F831-4486-9B19-6159CEA4158D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{D5126278-C28E-44E5-836C-A583D604F37A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{FD7D8B55-CF09-4075-B9D0-685909BD515F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A5473FA-ACDF-41CF-80B8-051DC94C5182}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{327DBFD3-0261-44DD-8BA0-45D14058E246}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{43E7023D-58BE-49A2-80A9-2B5041AC3BC9}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{4423CBCC-E252-422D-AA80-07707DEAD540}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{57250087-9F21-4B62-8589-2190FB72302C}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |

"{5B16C199-70E9-4892-AE83-68C874DE861A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5C358761-0D20-47E2-8620-6F0D458F4CF7}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{61868E09-63C1-48CC-AD8D-4B3056C4F41B}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{6543B54C-3B49-4671-AB20-D0FE92369DB9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{84910B85-43FE-4024-B0B6-BB4E6B315AD1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{89F0ED6A-8A90-4EB4-A542-E40D415735A6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{8E6E0BCB-C6EB-416B-BA39-314664E37B6A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{94E6EB06-BA4C-46BF-9E8D-6831BA185F05}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{977FC73B-97AE-40DE-8A93-F080944FAE11}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{A52E6F6F-0EF2-4A9E-803F-AF9872F22054}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AC0FE2C6-1B33-4883-A77A-376DA56F0744}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{B2E004BB-D8BE-4A89-945A-C1C6B61BB48C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{BBCDD0EF-D1F4-4E0C-B722-60F76F333DCE}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{BFB7D2C6-4401-47A6-B0F3-F39468CF6CB0}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{DB95BEE1-BF36-4585-A66D-3C21854E72CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{E47CC223-9BAF-4730-A716-29374B3A20C7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{E94D8F90-6B4A-40E6-B8C5-DA15C390EC6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{E9C516FD-9D47-4C76-A467-FE9D2C64D3FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{F7B8332B-8AF6-4531-94C0-BFE84672CD89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{FE409E75-3A82-4DF1-9E2F-8E1922CCC5EE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"TCP Query User{CBEEC054-A387-4797-9A1F-D3D1F29D97A3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"TCP Query User{D16C8082-74F2-4BC4-A401-B3C06C2E8993}C:\users\user\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe |

"UDP Query User{C65D9FD1-6E4B-4137-9B71-836912B017A9}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

"UDP Query User{D56290F5-C053-422F-A7BC-0635FDA705FF}C:\users\user\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\wzse0.tmp\easyinstall\easyinstall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support

"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center

"EPSON WorkForce 600 Series" = EPSON WorkForce 600 Series Printer Uninstall

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Pen Tablet Driver" = Bamboo

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{319036A6-33A1-4214-ADAE-55A3027FA98D}" = Intermediate Algebra

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock

"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{ca64eb2c-2e5f-40fe-ad91-7dc8320ad59c}" = Nero 9 Essentials

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"AbiWord2" = AbiWord 2.8.6

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Any Video Converter_is1" = Any Video Converter 3.1.5

"ASIO4ALL" = ASIO4ALL

"AviSynth" = AviSynth 2.5

"Bamboo Dock" = Bamboo Dock 3.3

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"Drumaxx" = Drumaxx

"Easy Graphic Converter 1.2_is1" = Easy Graphic Converter 1.2

"EPSON Scanner" = EPSON Scan

"FL Studio 9" = FL Studio 9

"Gateway InfoCentre" = Gateway InfoCentre

"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10

"Gateway Registration" = Gateway Registration

"Gateway Screensaver" = Gateway ScreenSaver

"Gateway Welcome Center" = Welcome Center

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HyperCam 2" = HyperCam 2

"Identity Card" = Identity Card

"IL Download Manager" = IL Download Manager

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"Intermediate Algebra (Fall 2009 Student Version)" = Intermediate Algebra (Fall 2009 Student Version)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"PoiZone" = PoiZone

"PSP Video 9" = PSP Video 9 6

"Sakura" = Sakura

"Sawer" = Sawer

"The KMPlayer" = The KMPlayer (remove only)

"Toxic Biohazard" = Toxic Biohazard

"Video Mover_is1" = Video Mover

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Windows Live Essentials

"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1104266314-712857307-3192408507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"48e4cff94f039634" = Best Buy pc app

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/13/2012 12:42:02 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1029

Error - 5/13/2012 12:42:03 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/13/2012 12:42:03 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2043

Error - 5/13/2012 12:42:03 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2043

Error - 5/13/2012 12:42:04 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/13/2012 12:42:04 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3042

Error - 5/13/2012 12:42:04 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3042

Error - 5/13/2012 12:42:05 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/13/2012 12:42:05 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4040

Error - 5/13/2012 12:42:05 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4040

[ System Events ]

Error - 7/18/2011 11:51:59 PM | Computer Name = user-PC | Source = DCOM | ID = 10016

Description =

Error - 7/19/2011 6:29:59 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000

Description = The GSCustomizerSvc service failed to start due to the following error:

%%2

Error - 7/19/2011 2:24:40 PM | Computer Name = user-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR9.

Error - 7/27/2011 8:55:28 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000

Description = The GSCustomizerSvc service failed to start due to the following error:

%%2

Error - 7/28/2011 6:52:06 AM | Computer Name = user-PC | Source = DCOM | ID = 10016

Description =

Error - 7/28/2011 9:20:08 PM | Computer Name = user-PC | Source = bowser | ID = 8003

Description =

Error - 7/29/2011 12:39:21 AM | Computer Name = user-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 9:38:46 PM on 7/28/2011 was unexpected.

Error - 7/29/2011 12:39:20 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000

Description = The GSCustomizerSvc service failed to start due to the following error:

%%2

Error - 7/30/2011 1:09:48 AM | Computer Name = user-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error - 7/30/2011 4:30:02 PM | Computer Name = user-PC | Source = bowser | ID = 8003

Description =

< End of report >

OTL logfile created on: 5/22/2012 2:46:05 PM - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\user\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 74.73% Memory free

11.93 Gb Paging File | 10.31 Gb Available in Paging File | 86.45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 917.74 Gb Total Space | 736.97 Gb Free Space | 80.30% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/22 14:44:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/09/28 03:11:03 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

PRC - [2011/04/29 19:30:10 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

PRC - [2011/04/29 19:30:08 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

PRC - [2011/04/29 19:30:08 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

PRC - [2011/04/03 14:39:42 | 001,658,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe

PRC - [2010/09/09 15:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/08 20:04:52 | 000,441,840 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll

MOD - [2012/05/08 20:04:51 | 003,921,904 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll

MOD - [2012/05/08 20:03:36 | 000,553,456 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll

MOD - [2012/05/08 20:03:35 | 000,117,744 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll

MOD - [2012/05/08 20:03:25 | 000,134,656 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll

MOD - [2012/05/08 20:03:24 | 000,250,368 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll

MOD - [2012/05/08 20:03:23 | 002,375,680 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll

MOD - [2011/09/28 03:11:03 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/04/29 19:30:12 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll

MOD - [2011/04/29 18:55:56 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll

MOD - [2011/02/15 15:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll

MOD - [2011/02/15 15:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll

MOD - [2011/02/15 15:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll

MOD - [2011/02/15 15:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll

MOD - [2011/02/15 14:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll

MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)

SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2010/02/17 19:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)

SRV:64bit: - [2010/02/09 16:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)

SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/20 18:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/07/24 15:09:56 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/04/29 19:30:10 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2010/07/28 12:56:00 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/09/17 16:33:02 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2010/09/17 16:33:02 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/09/17 16:33:02 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2010/09/17 16:33:02 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/12/09 02:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/22 17:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)

DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/25 13:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...48v115k47l1s249

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...48v115k47l1s249

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...48v115k47l1s249

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...48v115k47l1s249

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...48v115k47l1s249

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/03/27 06:18:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/19 22:21:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/19 22:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions

[2012/05/21 10:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\iuvyj7m3.default\extensions

[2012/05/19 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Skype Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\

CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found

O4 - HKLM..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1104266314-712857307-3192408507-1000..\Run: [EPSON WorkForce 600 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKA.EXE /FU "C:\Windows\TEMP\E_S6E63.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-1104266314-712857307-3192408507-1000..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0240F8FF-32BB-42EF-8D34-35CC0129BE58}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{5becc914-e889-11df-950d-00262d3fa4ec}\Shell - "" = AutoRun

O33 - MountPoints2\{5becc914-e889-11df-950d-00262d3fa4ec}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 08:16:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes

[2012/05/21 08:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/21 08:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/21 08:16:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/05/21 08:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/19 23:58:28 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Users\user\IE8-WindowsXP-x86-ENU.exe

[2012/05/19 23:57:54 | 016,111,032 | ---- | C] (Microsoft Corporation) -- C:\Users\user\Windows-KB890830-V4.8.exe

[2012/05/19 22:21:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla

[2012/05/19 22:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/05/19 22:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/05/19 22:20:06 | 016,339,280 | ---- | C] (Mozilla) -- C:\Users\user\Firefox Setup 12.0.exe

[2012/05/19 21:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012/05/19 21:40:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Conduit

[2012/05/19 21:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/19 21:39:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\FLVService

[2012/05/19 21:34:15 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll

[2012/05/19 21:34:15 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx

[2012/05/11 03:04:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[1 C:\Users\user\*.tmp files -> C:\Users\user\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/22 14:50:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/22 14:50:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/22 14:49:32 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/22 14:49:32 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/22 14:49:31 | 000,727,538 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/22 14:42:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/22 14:42:37 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/22 14:42:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104266314-712857307-3192408507-1000Core.job

[2012/05/22 14:33:15 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1104266314-712857307-3192408507-1000UA.job

[2012/05/22 14:33:13 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104266314-712857307-3192408507-1000UA.job

[2012/05/22 14:33:13 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1104266314-712857307-3192408507-1000Core.job

[2012/05/21 08:16:10 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/19 22:21:05 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/05/17 16:24:33 | 000,002,361 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk

[2012/05/13 15:56:35 | 000,014,824 | ---- | M] () -- C:\Users\user\.recently-used.xbel

[2012/05/11 03:27:52 | 000,312,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/04/26 18:01:30 | 462,894,528 | ---- | M] () -- C:\Windows\MEMORY.DMP

[1 C:\Users\user\*.tmp files -> C:\Users\user\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/21 08:16:10 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/19 22:21:05 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/05/19 22:21:04 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/05/13 15:56:35 | 000,014,824 | ---- | C] () -- C:\Users\user\.recently-used.xbel

[2012/04/13 12:00:37 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe

[2012/03/14 20:36:27 | 000,011,264 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/05 23:34:44 | 000,000,112 | ---- | C] () -- C:\Windows\wininit.ini

[2011/04/30 22:14:09 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/04/30 22:14:09 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/04/30 22:14:09 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/04/30 22:14:09 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/04/30 22:14:09 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/04/30 22:14:09 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/04/30 22:14:09 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/04/30 22:14:09 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/04/30 22:14:09 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/04/30 22:14:09 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/04/30 22:14:09 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/04/30 22:14:09 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/04/30 22:14:09 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/04/30 22:14:09 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/04/30 22:14:09 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/04/30 22:14:09 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/02/23 04:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2011/02/22 17:30:04 | 000,743,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/01/06 17:26:19 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/07/28 13:23:58 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

========== LOP Check ==========

[2010/12/13 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft

[2012/01/09 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon

[2012/05/22 14:43:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox

[2010/11/15 17:37:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\enchant

[2011/04/30 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Epson

[2012/05/13 15:56:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0

[2011/04/14 14:41:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PokemonPMDInstaller

[2012/01/08 00:30:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Red Kawa

[2012/01/08 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Regensoft

[2012/05/11 03:26:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client

[2012/03/05 23:23:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SYSTEMAX Software Development

[2011/02/22 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP

[2011/07/23 21:33:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wacom

[2011/07/23 21:33:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2012/05/22 14:33:13 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1104266314-712857307-3192408507-1000Core.job

[2012/05/22 14:33:15 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1104266314-712857307-3192408507-1000UA.job

[2011/05/28 17:44:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post

Sorry, somehow I missed you. Sorry about that!

One question? What is the threat level of AutoCompletePro?

What exactly do you mean?

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
    SRV - [2010/07/28 12:56:00 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
    O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1104266314-712857307-3192408507-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found
    [2012/05/19 21:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/05/19 21:40:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Conduit
    [2012/05/19 21:39:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\FLVService

    :files
    C:\ProgramData\Partner

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
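As an added example (not part of the original posts and not OTL's own code), the Python sketch below parses the `O`-numbered lines of an OTL scan, flags those ending in "No CLSID value found" or "File not found", and checks which of them a fix script lists. `Entry`, `parse_entries` and `review_fix` are names assumed here; the sample lines are excerpts copied from the scan log and the fix in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the OTL scan log posted in this thread (copied, not the full log).
SCAN_EXCERPT = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
"""

# Excerpt of the :OTL section of the fix posted in this thread.
FIX_EXCERPT = r"""
:OTL
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found
"""

# "O<number>", optional ":64bit:" tag, a dash, then the entry body.
ENTRY = re.compile(r"^(?P<code>O\d+)(?P<wide>:64bit:)?\s*-\s*(?P<body>.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MARKERS = {"No CLSID value found": "missing_clsid",
           "File not found": "missing_file"}


@dataclass(frozen=True)
class Entry:  # hypothetical record type for this example
    raw: str              # the scan line, whitespace-trimmed
    code: str             # OTL section code such as "O2" or "O4"
    is64: bool            # True when the line carries the ":64bit:" tag
    guid: Optional[str]   # first CLSID on the line, upper-cased, if any
    status: str           # "ok", "missing_clsid" or "missing_file"


def parse_entries(log_text: str) -> List[Entry]:
    """Parse O-numbered scan lines; anything else (headers, file lists) is skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body").rstrip(". ")  # some lines end with a full stop
        status = "ok"
        for marker, name in MARKERS.items():
            if body.endswith(marker):
                status = name
        g = GUID.search(body)
        entries.append(Entry(line, m.group("code"), bool(m.group("wide")),
                             g.group(0).upper() if g else None, status))
    return entries


def review_fix(scan_text: str, fix_text: str) -> Tuple[List[Entry], List[Entry]]:
    """Split flagged scan entries into those the fix lists verbatim and those it omits."""
    fix_lines = {l.strip() for l in fix_text.splitlines() if l.strip()}
    flagged = [e for e in parse_entries(scan_text) if e.status != "ok"]
    covered = [e for e in flagged if e.raw in fix_lines]
    omitted = [e for e in flagged if e.raw not in fix_lines]
    return covered, omitted


if __name__ == "__main__":
    covered, omitted = review_fix(SCAN_EXCERPT, FIX_EXCERPT)
    for label, group in (("in fix", covered), ("not in fix", omitted)):
        for e in group:
            print(f"{label:10} {e.code:4} {e.status:14} {e.raw[:70]}")
```

Several flagged scan lines are absent from the fix posted above, so the "not in fix" list is a set of entries for a helper to review, not a removal list.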

I tried scanning it, but it keeps saying not responding. So I always end up exiting out of the program during its process of scanning. I have no way of knowing if it's scanning or not. Is that normal? Also, when you say hinder, does that mean I can't have any other programs on? And can I also disconnect from the internet to make it scan faster?

To answer that other question, when I say threat level, I mean how bad is this virus? Is it dangerous or just a small problem?

Link to post

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1104266314-712857307-3192408507-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.

Error: No service named Partner Service was found to stop!

Service\Driver key Partner Service not found.

File C:\ProgramData\Partner\Partner.exe not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.

File C:\ProgramData\Partner\Partner64.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_USERS\S-1-5-21-1104266314-712857307-3192408507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Freecorder FLV Service not found.

Folder C:\Program Files (x86)\Conduit\ not found.

Folder C:\Users\user\AppData\Local\Conduit\ not found.

Folder C:\Users\user\AppData\Local\FLVService\ not found.

========== FILES ==========

File\Folder C:\ProgramData\Partner not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: user

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 31001625233 bytes

->Java cache emptied: 1100864 bytes

->FireFox cache emptied: 680213811 bytes

->Google Chrome cache emptied: 355187894 bytes

->Flash cache emptied: 64390 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 276334989 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045667 bytes

RecycleBin emptied: 12951423 bytes

Total Files Cleaned = 30,864.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.1 log created on 05252012_224110

Files\Folders moved on Reboot...

File\Folder C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\iuvyj7m3.default\startupCache\startupCache.4.little moved successfully.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\iuvyj7m3.default\Cache\_CACHE_001_ moved successfully.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\iuvyj7m3.default\Cache\_CACHE_002_ moved successfully.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\iuvyj7m3.default\Cache\_CACHE_003_ moved successfully.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\iuvyj7m3.default\Cache\_CACHE_MAP_ moved successfully.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\iuvyj7m3.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

Link to post

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post