
Trojan.Dropper.BCMiner



.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/31/2011 3:19:58 AM

System Uptime: 7/19/2012 7:19:31 PM (5 hours ago)

.

Motherboard: Acer | | JE51_DN

Processor: AMD Phenom II N970 Quad-Core Processor | Socket S1G4 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 76.051 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP121: 7/14/2012 9:56:06 AM - Scheduled Checkpoint

RP122: 7/20/2012 12:15:59 AM - Removed Oblivion

RP123: 7/20/2012 12:19:07 AM - Removed Oblivion - Horse Armor Pack

RP124: 7/20/2012 12:20:28 AM - Removed Oblivion - Knights of the Nine

RP125: 7/20/2012 12:25:28 AM - Removed Oblivion - Wizard's Tower

RP126: 7/20/2012 12:26:52 AM - Removed Oblivion - Mehrunes Razor

RP127: 7/20/2012 12:32:02 AM - Removed Oblivion - Orrery

RP128: 7/20/2012 12:33:09 AM - Removed Oblivion - Spell Tomes

RP129: 7/20/2012 12:35:23 AM - Removed Oblivion - The Fighter's Stronghold

RP130: 7/20/2012 12:36:19 AM - Removed Oblivion - Thieves Den

RP131: 7/20/2012 12:37:04 AM - Removed Oblivion - Vile Lair

.

==== Installed Programs ======================

.

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1 MUI

Adobe Shockwave Player 11.6

Aegisub 2.1.9

Amnesia - The Dark Descent

Any Video Converter 3.3.2

Apple Application Support

Apple Software Update

ASIO4ALL

Audacity 1.3.14 (Unicode)

Backup Manager Basic

Borderlands

Brytenwalda version 1.394

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Contrôle ActiveX Windows Live Mesh pour connexions à distance

CyberLink PowerDVD 9

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diablo III

Dota 2

erLT

EZdrummer

EZXClaustrophobic

EZXDfh

EZXNashville

EZXPercussion

EZXTwisted

EZXVintage

FL Studio 10

Freestyle GunZ Version 7

Galerie de photos Windows Live

Game Booster 3

Google Chrome

Guitar Pro 6

Identity Card

IL Download Manager

Inkscape 0.48.2

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Katawa Shoujo

LAME v3.98.3 for Audacity

Last.fm 1.5.4.27091

Launch Manager

LogMeIn Hamachi

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Microsoft Office 2010

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MiniLyrics

Mobile Mouse Server

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MyWinLocker 4

MyWinLocker Suite

Native Instruments Controller Editor

Native Instruments Guitar Rig 5

Native Instruments Guitar Rig Mobile I/O

Native Instruments Guitar Rig Session I/O

Native Instruments Rig Kontrol 3

Native Instruments Service Center

Norton Online Backup

NTI Media Maker 9

NVIDIA PhysX v8.10.29

Opera 12.00

PowerISO

PyScripter 2.5.3

QuickTime

REACTOR

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Rosetta Stone V3

RTP 1.32 Add-On for RM2k

RTP for RM2K (Png, Wav, Midi, Fonts)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Shredder

Skype Click to Call

Skype™ 5.10

SpeedFan (remove only)

StarCraft II

Steam

StepMania v5.0 alpha 1 (remove only)

swMSM

System Requirements Lab CYRI

Text-To-Speech-Runtime

Unity Web Player

Unofficial Oblivion Patch v3.2.0

Unofficial Official Mods Patch v16

Unofficial Shivering Isles Patch v1.5.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

VLC media player 1.1.11

VST Bridge 1.1

Welcome Center

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wrye Bash

.

==== Event Viewer Messages From Past Week ========

.

7/19/2012 9:57:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.

7/19/2012 5:07:55 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2811996591/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

7/19/2012 5:07:55 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

7/19/2012 4:54:16 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/19/2012 4:54:16 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/19/2012 4:54:15 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/19/2012 4:54:15 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.

7/19/2012 4:53:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dlcf_device service to connect.

7/19/2012 4:53:22 PM, Error: Service Control Manager [7000] - The dlcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/19/2012 4:53:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service dlcf_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

7/19/2012 3:42:57 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:41:56 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:40:55 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:39:55 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:38:54 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:37:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:36:52 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:35:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:34:50 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:33:50 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:32:49 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:31:48 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/19/2012 3:31:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.

7/19/2012 3:31:48 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/19/2012 11:53:55 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/19/2012 11:53:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/19/2012 11:53:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer7 service.

7/19/2012 11:53:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIHardwareService service.

7/17/2012 8:05:42 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/17/2012 8:00:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000010, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ef8f00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-33415-01.

7/17/2012 7:48:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.

7/17/2012 1:32:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.

7/15/2012 12:26:59 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

7/15/2012 12:26:59 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

7/15/2012 11:06:31 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{03EC1C44-13FC-4FD7-9FE1-3657A0813396} because another computer on the network has the same name. The server could not start.

.

==== End Of File ===========================

Apparently there's a lot of this :[

I need help too

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ricky at 0:47:33 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1672 [GMT -7:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Logitech\SetPoint II\SetPointII.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Minilyrics\MiniLyrics.exe

C:\Program Files (x86)\Last.fm\LastFM.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\dlcfcoms.exe

C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\msiexec.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\Ricky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{03EC1C44-13FC-4FD7-9FE1-3657A0813396} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{03EC1C44-13FC-4FD7-9FE1-3657A0813396}\03530323D275946494 : DhcpNameServer = 172.31.11.65 172.31.11.193 10.49.16.34 10.49.16.35

TCP: Interfaces\{03EC1C44-13FC-4FD7-9FE1-3657A0813396}\134353233343 : DhcpNameServer = 8.8.8.8

TCP: Interfaces\{03EC1C44-13FC-4FD7-9FE1-3657A0813396}\14E64627F696461405 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{03EC1C44-13FC-4FD7-9FE1-3657A0813396}\452554E444E65647635323 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{03EC1C44-13FC-4FD7-9FE1-3657A0813396}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E34C0858-C4DE-4ABB-A3FD-2980D3F1394B} : DhcpNameServer = 172.16.68.215 172.16.68.215 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-25 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-8-6 867712]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-4-25 244624]

R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 250056]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]

S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-5-20 14544]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-19 22:47:11 -------- d-----w- C:\Users\Ricky\AppData\Local\{BBCA7D1B-CB1C-44ED-A175-916BAF370B1B}

2012-07-19 22:46:45 -------- d-----w- C:\Users\Ricky\AppData\Local\{2EC1E0D7-2807-4298-9ED4-87BD556C815D}

2012-07-19 03:57:59 -------- d-----w- C:\Users\Ricky\SNES

2012-07-18 16:47:34 -------- d-----w- C:\Users\Ricky\AppData\Local\{9F27D90B-FB95-4E47-9E90-A0AEF18D2D58}

2012-07-18 16:47:20 -------- d-----w- C:\Users\Ricky\AppData\Local\{10E271D3-E1AC-447A-B737-F167FA32494B}

2012-07-17 17:02:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-17 15:07:03 -------- d-----w- C:\Users\Ricky\AppData\Local\{1EBD8EAC-F87B-4EFE-8BED-D59FACF0BE35}

2012-07-17 15:06:47 -------- d-----w- C:\Users\Ricky\AppData\Local\{0F1AB64A-E604-482B-A78A-761AB668C8A1}

2012-07-15 05:48:26 -------- d-----w- C:\Users\Ricky\Napoleonic Wars

2012-07-15 05:42:40 -------- d-----w- C:\Users\Ricky\AppData\Roaming\Mount&Blade Warband

2012-07-15 03:08:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-13 07:38:04 87040 ----a-w- C:\Windows\UnGins.exe

2012-07-13 07:38:03 -------- d-----w- C:\Program Files (x86)\ASCII

2012-07-12 16:49:40 -------- d-----w- C:\Users\Ricky\AppData\Local\{99F1EBF1-FEC5-416B-92C0-4BFB93E9A98D}

2012-07-12 16:49:27 -------- d-----w- C:\Users\Ricky\AppData\Local\{8F820B9F-6263-4998-AB9E-CD86045020EB}

2012-07-12 06:26:25 -------- d-----w- C:\Users\Ricky\AppData\Roaming\Rainmeter

2012-07-09 03:10:15 -------- d-----w- C:\Users\Ricky\AppData\Roaming\To the Moon

2012-07-09 03:05:44 -------- d-----w- C:\Downloads

2012-07-08 03:13:14 -------- d-----w- C:\Users\Ricky\Zomboid

2012-07-08 03:11:03 -------- d-----w- C:\Program Files (x86)\Project Zomboid

2012-07-08 01:14:07 -------- d-----w- C:\ProgramData\HappyCloud

2012-07-07 18:21:38 -------- d-----w- C:\Users\Ricky\AppData\Local\{9AAC4208-CBA5-4902-80FF-7E1E886EBED2}

2012-07-07 18:16:13 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-07-02 08:27:39 -------- d-----w- C:\Program Files (x86)\Freestyle GunZ Version 7

2012-06-29 23:51:18 -------- d-----w- C:\Users\Ricky\AppData\Local\LogiShrd

2012-06-29 23:31:07 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro

2012-06-29 18:30:35 -------- d-----w- C:\Users\Ricky\AppData\Local\{5EEB3F16-D0A5-46AD-BEFD-F05F5BFF683F}

2012-06-29 18:30:11 -------- d-----w- C:\Users\Ricky\AppData\Local\{18153D92-D83D-4C6D-8074-462ED2476836}

2012-06-29 06:29:38 -------- d-----w- C:\Users\Ricky\AppData\Local\{83D27C3D-6F31-47AF-A024-5B4DD199991D}

2012-06-29 06:29:14 -------- d-----w- C:\Users\Ricky\AppData\Local\{1E033F6A-E883-41C9-B9B4-95A935CAD889}

2012-06-28 04:06:43 -------- d-----w- C:\Program Files (x86)\2K Games

2012-06-28 04:03:26 -------- d-----w- C:\Windows\SysWow64\AGEIA

2012-06-28 04:03:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-06-27 20:19:02 -------- d-----w- C:\Users\Ricky\AppData\Local\{5267C9F6-628D-4DA2-9F1D-11A8C5E0E897}

2012-06-27 20:18:44 -------- d-----w- C:\Users\Ricky\AppData\Local\{D0C17EED-A33C-48A8-90D6-A599FEB268FD}

2012-06-26 16:08:26 -------- d-----w- C:\Users\Ricky\AppData\Local\{51FA7DDD-1708-4E94-92AC-0CC7BC2A387D}

2012-06-26 16:08:12 -------- d-----w- C:\Users\Ricky\AppData\Local\{9DB275C0-56B6-42BE-A0FD-1CC399EAD41F}

2012-06-25 20:22:08 -------- d-----w- C:\Users\Ricky\AppData\Local\{657743FC-B41B-4B07-A288-1D69EDFBB516}

2012-06-25 20:21:42 -------- d-----w- C:\Users\Ricky\AppData\Local\{CCDA1E02-64EE-4D82-BE55-2D1765E93A21}

2012-06-25 20:02:54 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys

2012-06-25 20:01:19 -------- d-----w- C:\ProgramData\HitmanPro

2012-06-25 17:36:34 -------- d-----w- C:\Users\Ricky\AppData\Roaming\Malwarebytes

2012-06-25 17:36:25 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-25 17:36:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-25 08:20:27 -------- d-----w- C:\Users\Ricky\AppData\Local\{B3635966-A812-4CF6-BA1A-E2B318B92085}

2012-06-25 08:20:05 -------- d-----w- C:\Users\Ricky\AppData\Local\{FBE063E6-5088-4054-B013-C695A6CB797F}

2012-06-25 05:01:31 -------- d-----w- C:\Users\Ricky\AppData\Local\{70D2A193-8554-40FB-BE44-9F03E960A604}

2012-06-25 05:01:06 -------- d-----w- C:\Users\Ricky\AppData\Local\{F9D7C352-83AB-43D9-844F-63C5A2225271}

2012-06-24 17:00:38 -------- d-----w- C:\Users\Ricky\AppData\Local\{88BD3378-1FE5-4D5D-BA41-750CE9AE0217}

2012-06-24 17:00:14 -------- d-----w- C:\Users\Ricky\AppData\Local\{1B2B5DB8-7026-46A4-801B-858E61D5044A}

2012-06-24 04:59:55 -------- d-----w- C:\Users\Ricky\AppData\Local\{C57AB993-2598-42E4-8E52-58EC3B98D27C}

2012-06-24 04:59:36 -------- d-----w- C:\Users\Ricky\AppData\Local\{1C01D206-4416-4A2E-BA64-008379D37DE7}

2012-06-23 16:26:33 -------- d-----w- C:\Users\Ricky\AppData\Local\{47EDB3B7-697E-4327-94F4-5C4D642C5805}

2012-06-22 16:37:57 -------- d-----w- C:\Users\Ricky\AppData\Local\{09CE05AB-F682-4569-B714-79D109821D45}

2012-06-21 18:52:05 -------- d-----w- C:\Users\Ricky\AppData\Local\{32C00C51-CD87-4E58-ACC1-F7992C83B48C}

2012-06-21 18:51:38 -------- d-----w- C:\Users\Ricky\AppData\Local\{8160EECA-F3BA-4628-AE75-79AD9F8E2CFC}

2012-06-21 05:55:52 -------- d-----w- C:\Program Files (x86)\WB Games

2012-06-20 20:35:16 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-20 20:31:34 -------- d-----w- C:\Users\Ricky\AppData\Local\PunkBuster

2012-06-20 19:29:11 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-20 17:56:01 -------- d-----w- C:\Program Files (x86)\EA Games

.

==================== Find3M ====================

.

2012-07-12 18:29:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 18:29:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-16 00:17:26 28096 ----a-w- C:\Windows\System32\xfcodec64.dll

.

============= FINISH: 0:47:56.97 ===============


Hello danhipofan and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Thanks for the reply

yeah I'd like to try to clean this computer

OTL logfile created on: 7/20/2012 8:27:06 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ricky\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 51.41% Memory free

7.49 Gb Paging File | 5.08 Gb Available in Paging File | 67.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.98 Gb Total Space | 76.16 Gb Free Space | 26.91% Space Free | Partition Type: NTFS

Computer Name: RICKY-PC | User Name: Ricky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/20 08:25:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ricky\Desktop\OTL.exe

PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/06/16 22:36:48 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe

PRC - [2012/04/23 19:37:44 | 000,609,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe

PRC - [2011/11/06 18:01:19 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/09/03 19:29:36 | 001,106,432 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

PRC - [2011/08/08 13:12:44 | 000,039,080 | ---- | M] (RPA Technology) -- C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe

PRC - [2011/06/14 23:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

PRC - [2011/01/31 13:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2010/10/27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe

PRC - [2010/09/27 19:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

PRC - [2010/09/17 16:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2010/09/17 16:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010/08/10 02:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010/08/10 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010/08/10 02:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010/06/28 15:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010/06/28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/25 01:19:57 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/06/25 01:19:56 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/06/25 01:19:56 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/06/25 01:19:56 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/06/25 01:19:56 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/06/16 22:36:55 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll

MOD - [2012/06/16 22:36:55 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll

MOD - [2012/06/16 22:36:55 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll

MOD - [2012/06/16 22:36:55 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll

MOD - [2012/06/16 22:36:55 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll

MOD - [2012/06/16 22:36:55 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll

MOD - [2012/06/16 22:36:55 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll

MOD - [2012/06/16 22:36:55 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll

MOD - [2012/06/16 22:36:55 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll

MOD - [2012/06/16 22:36:54 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll

MOD - [2012/06/16 22:36:54 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll

MOD - [2012/06/16 22:36:54 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll

MOD - [2012/06/16 22:36:54 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll

MOD - [2011/11/04 23:20:00 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll

MOD - [2011/11/04 23:16:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll

MOD - [2011/11/04 23:16:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/11/04 23:16:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/11/04 23:15:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/11/04 23:15:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/11/04 23:15:34 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/11/04 23:15:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/09/03 19:29:36 | 001,106,432 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

MOD - [2011/06/14 15:19:58 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll

MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2010/10/27 21:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll

MOD - [2010/10/27 21:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll

MOD - [2010/10/27 21:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll

MOD - [2010/10/27 21:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll

MOD - [2010/10/27 21:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll

MOD - [2010/10/27 21:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll

MOD - [2010/10/27 21:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll

MOD - [2010/10/27 21:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll

MOD - [2010/10/27 21:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll

MOD - [2010/10/27 21:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll

MOD - [2010/10/27 21:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll

MOD - [2010/06/28 15:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2009/05/19 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

MOD - [2008/04/16 17:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll

MOD - [2008/04/16 17:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll

MOD - [2008/04/16 17:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll

MOD - [2008/04/16 17:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll

MOD - [2008/04/16 17:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll

MOD - [2008/04/02 14:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll

MOD - [2008/04/02 14:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll

MOD - [2008/04/02 14:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/07 08:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)

SRV:64bit: - [2011/01/31 13:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2011/01/05 15:23:58 | 000,867,712 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010/10/27 20:38:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2005/10/28 09:06:56 | 000,451,584 | ---- | M] ( ) [On_Demand | Running] -- C:\Windows\SysNative\dlcfcoms.exe -- (dlcf_device)

SRV - [2012/07/12 11:29:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/06/25 01:19:58 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/08/06 07:50:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/07/17 09:04:00 | 004,390,376 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010/09/27 18:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010/08/10 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/06/28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/25 13:18:44 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)

DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)

DRV:64bit: - [2011/06/15 01:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2011/04/25 23:33:52 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011/04/25 23:33:52 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011/04/25 23:33:52 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/09 21:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2011/03/09 21:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2011/03/01 07:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/27 21:11:44 | 007,877,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/10/27 20:03:38 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/09/23 17:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/06/17 02:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/06/16 14:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2010/05/14 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™

DRV:64bit: - [2010/05/11 03:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/04/28 14:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2010/04/13 03:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004/12/31 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ricky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/24 17:10:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 01:15:03 | 000,000,000 | ---D | M]

[2011/11/13 16:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricky\AppData\Roaming\Mozilla\Extensions

[2012/05/26 19:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions

[2012/05/26 19:46:50 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

[2012/06/12 19:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/28 23:22:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/11/04 23:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

[2011/11/04 20:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/04 20:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Ricky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Skype Click to Call = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\

CHR - Extension: uTorrentControl2 = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\

O1 HOSTS File: ([2012/03/03 20:53:28 | 000,000,851 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O3 - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-326138110-2251153826-1828377263-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EC1C44-13FC-4FD7-9FE1-3657A0813396}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E34C0858-C4DE-4ABB-A3FD-2980D3F1394B}: DhcpNameServer = 172.16.68.215 172.16.68.215 8.8.8.8

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{007f7745-25a3-11e1-bfd8-b870f4b25692}\Shell - "" = AutoRun

O33 - MountPoints2\{007f7745-25a3-11e1-bfd8-b870f4b25692}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{1d241aae-0447-11e1-91a3-b870f4b25692}\Shell - "" = AutoRun

O33 - MountPoints2\{1d241aae-0447-11e1-91a3-b870f4b25692}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{3e0185dc-22f0-11e1-97b2-b870f4b25692}\Shell - "" = AutoRun

O33 - MountPoints2\{3e0185dc-22f0-11e1-97b2-b870f4b25692}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{91532182-a42f-11e1-8f16-b870f4b25692}\Shell - "" = AutoRun

O33 - MountPoints2\{91532182-a42f-11e1-8f16-b870f4b25692}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{91992579-82ac-11e1-add3-b870f4b25692}\Shell - "" = AutoRun

O33 - MountPoints2\{91992579-82ac-11e1-add3-b870f4b25692}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Launcher.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 08:25:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ricky\Desktop\OTL.exe

[2012/07/20 00:02:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ricky\Desktop\dds.com

[2012/07/19 18:52:35 | 001,437,107 | ---- | C] (Farbar) -- C:\Users\Ricky\Desktop\FRST64.exe

[2012/07/19 15:47:11 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{BBCA7D1B-CB1C-44ED-A175-916BAF370B1B}

[2012/07/19 15:46:45 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{2EC1E0D7-2807-4298-9ED4-87BD556C815D}

[2012/07/19 14:04:16 | 622,593,731 | ---- | C] (Brytenwalda Dev. ) -- C:\Users\Ricky\Desktop\brytenwalda1394.exe

[2012/07/18 20:57:59 | 000,000,000 | ---D | C] -- C:\Users\Ricky\SNES

[2012/07/18 09:47:34 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{9F27D90B-FB95-4E47-9E90-A0AEF18D2D58}

[2012/07/18 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{10E271D3-E1AC-447A-B737-F167FA32494B}

[2012/07/17 10:02:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/17 08:07:03 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{1EBD8EAC-F87B-4EFE-8BED-D59FACF0BE35}

[2012/07/17 08:06:47 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{0F1AB64A-E604-482B-A78A-761AB668C8A1}

[2012/07/14 22:52:45 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Documents\Mount&Blade Warband Savegames

[2012/07/14 22:48:26 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Napoleonic Wars

[2012/07/14 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Documents\Mount&Blade Warband

[2012/07/14 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Mount&Blade Warband

[2012/07/14 20:08:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/13 00:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker 2000 1.05

[2012/07/13 00:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCII

[2012/07/12 09:49:40 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{99F1EBF1-FEC5-416B-92C0-4BFB93E9A98D}

[2012/07/12 09:49:27 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{8F820B9F-6263-4998-AB9E-CD86045020EB}

[2012/07/11 23:26:25 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Documents\Rainmeter

[2012/07/11 23:26:25 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Rainmeter

[2012/07/08 20:10:15 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\To the Moon

[2012/07/08 20:05:44 | 000,000,000 | ---D | C] -- C:\Downloads

[2012/07/07 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Zomboid

[2012/07/07 20:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project Zomboid

[2012/07/07 18:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud

[2012/07/07 11:21:38 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{9AAC4208-CBA5-4902-80FF-7E1E886EBED2}

[2012/07/07 11:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012/07/07 11:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2012/07/03 22:58:47 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Documents\Microsoft Hardware

[2012/07/02 09:21:05 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Documents\Freestyle Gunz

[2012/07/02 01:27:42 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freestyle GunZ Version 7

[2012/07/02 01:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freestyle GunZ Version 7

[2012/06/29 16:51:18 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\LogiShrd

[2012/06/29 16:50:41 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Leadertech

[2012/06/29 16:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2012/06/29 16:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2012/06/29 16:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2012/06/29 16:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd

[2012/06/29 16:48:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2012/06/29 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd

[2012/06/29 16:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard

[2012/06/29 16:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro

[2012/06/29 11:30:35 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{5EEB3F16-D0A5-46AD-BEFD-F05F5BFF683F}

[2012/06/29 11:30:11 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{18153D92-D83D-4C6D-8074-462ED2476836}

[2012/06/28 23:29:38 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{83D27C3D-6F31-47AF-A024-5B4DD199991D}

[2012/06/28 23:29:14 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{1E033F6A-E883-41C9-B9B4-95A935CAD889}

[2012/06/27 21:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games

[2012/06/27 21:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/06/27 21:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies

[2012/06/27 21:03:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA

[2012/06/27 21:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/06/27 13:19:02 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{5267C9F6-628D-4DA2-9F1D-11A8C5E0E897}

[2012/06/27 13:18:44 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{D0C17EED-A33C-48A8-90D6-A599FEB268FD}

[2012/06/26 15:10:46 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Desktop\walkaway_data

[2012/06/26 09:08:26 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{51FA7DDD-1708-4E94-92AC-0CC7BC2A387D}

[2012/06/26 09:08:12 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{9DB275C0-56B6-42BE-A0FD-1CC399EAD41F}

[2012/06/25 13:22:08 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{657743FC-B41B-4B07-A288-1D69EDFBB516}

[2012/06/25 13:21:42 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{CCDA1E02-64EE-4D82-BE55-2D1765E93A21}

[2012/06/25 13:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/06/25 10:36:34 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Malwarebytes

[2012/06/25 10:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/25 10:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/25 10:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/25 01:20:27 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{B3635966-A812-4CF6-BA1A-E2B318B92085}

[2012/06/25 01:20:05 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{FBE063E6-5088-4054-B013-C695A6CB797F}

[2012/06/24 22:01:31 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{70D2A193-8554-40FB-BE44-9F03E960A604}

[2012/06/24 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{F9D7C352-83AB-43D9-844F-63C5A2225271}

[2012/06/24 10:00:38 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{88BD3378-1FE5-4D5D-BA41-750CE9AE0217}

[2012/06/24 10:00:14 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{1B2B5DB8-7026-46A4-801B-858E61D5044A}

[2012/06/23 21:59:55 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{C57AB993-2598-42E4-8E52-58EC3B98D27C}

[2012/06/23 21:59:36 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{1C01D206-4416-4A2E-BA64-008379D37DE7}

[2012/06/23 09:26:33 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{47EDB3B7-697E-4327-94F4-5C4D642C5805}

[2012/06/22 09:37:57 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{09CE05AB-F682-4569-B714-79D109821D45}

[2012/06/21 11:52:05 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{32C00C51-CD87-4E58-ACC1-F7992C83B48C}

[2012/06/21 11:51:38 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\{8160EECA-F3BA-4628-AE75-79AD9F8E2CFC}

[2012/06/20 22:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WB Games

[2012/06/20 13:31:34 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\PunkBuster

[2012/06/20 13:29:28 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Documents\Battlefield Play4Free

[2012/06/20 10:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 08:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/20 08:25:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ricky\Desktop\OTL.exe

[2012/07/20 08:17:02 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/20 08:17:02 | 000,659,818 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/20 08:17:02 | 000,120,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/20 08:14:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-326138110-2251153826-1828377263-1001UA.job

[2012/07/20 08:13:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/20 00:02:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ricky\Desktop\dds.com

[2012/07/19 21:25:01 | 001,552,384 | ---- | M] () -- C:\Users\Ricky\Desktop\RogueKiller.exe

[2012/07/19 18:52:39 | 001,437,107 | ---- | M] (Farbar) -- C:\Users\Ricky\Desktop\FRST64.exe

[2012/07/19 17:01:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/19 17:01:35 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/19 16:54:01 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/19 16:18:54 | 622,593,731 | ---- | M] (Brytenwalda Dev. ) -- C:\Users\Ricky\Desktop\brytenwalda1394.exe

[2012/07/19 10:07:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-326138110-2251153826-1828377263-1001Core.job

[2012/07/17 10:02:41 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/17 08:00:09 | 290,128,816 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/13 12:00:43 | 005,122,824 | ---- | M] () -- C:\Users\Ricky\Desktop\Untitled.mp3

[2012/07/12 09:44:58 | 005,182,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/09 02:12:45 | 000,002,298 | ---- | M] () -- C:\Users\Ricky\AppData\Roaming\ASSDraw3.cfg

[2012/07/07 20:11:26 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Project Zomboid.lnk

[2012/07/07 11:23:01 | 000,001,318 | ---- | M] () -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2012/07/05 21:36:56 | 000,372,183 | ---- | M] () -- C:\Users\Ricky\Desktop\InMyDreamsNeilZaza.pdf

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/06/29 22:11:42 | 000,001,051 | ---- | M] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\MiniLyrics.lnk

[2012/06/29 16:49:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf

[2012/06/29 16:49:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf

[2012/06/29 16:49:00 | 000,000,848 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk

[2012/06/28 13:29:25 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini

[2012/06/26 22:29:59 | 003,258,215 | ---- | M] () -- C:\Users\Ricky\Desktop\walkaway.mp3

[2012/06/26 22:28:30 | 000,041,774 | ---- | M] () -- C:\Users\Ricky\Desktop\walkaway.aup

[2012/06/26 11:08:16 | 036,288,702 | ---- | M] () -- C:\Users\Ricky\Desktop\bass.wav

[2012/06/26 11:07:45 | 036,289,226 | ---- | M] () -- C:\Users\Ricky\Desktop\dr.wav

[2012/06/26 10:46:53 | 000,090,375 | ---- | M] () -- C:\Users\Ricky\Desktop\WalkAway.flp

[2012/06/25 13:18:44 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys

[2012/06/25 13:17:08 | 000,035,278 | ---- | M] () -- C:\Windows\SysNative\.crusader

[2012/06/20 13:47:37 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/06/20 13:47:30 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/19 21:25:00 | 001,552,384 | ---- | C] () -- C:\Users\Ricky\Desktop\RogueKiller.exe

[2012/07/19 17:19:18 | 000,002,180 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Napoleonic Wars.lnk

[2012/07/19 17:19:18 | 000,002,124 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband.lnk

[2012/07/19 16:59:04 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\00000008.@

[2012/07/17 10:02:41 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/14 19:55:09 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000032.@

[2012/07/14 19:54:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000000.@

[2012/07/14 19:54:56 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000064.@

[2012/07/14 19:54:56 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\L\00000004.@

[2012/07/14 19:54:55 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\00000004.@

[2012/07/14 19:54:45 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\000000cb.@

[2012/07/13 12:00:36 | 005,122,824 | ---- | C] () -- C:\Users\Ricky\Desktop\Untitled.mp3

[2012/07/13 00:38:04 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe

[2012/07/07 20:11:26 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\Project Zomboid.lnk

[2012/07/07 11:23:01 | 000,001,318 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2012/07/05 21:36:55 | 000,372,183 | ---- | C] () -- C:\Users\Ricky\Desktop\InMyDreamsNeilZaza.pdf

[2012/06/29 22:11:42 | 000,001,051 | ---- | C] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\MiniLyrics.lnk

[2012/06/29 16:49:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf

[2012/06/29 16:49:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf

[2012/06/29 16:49:00 | 000,000,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk

[2012/06/26 22:29:30 | 003,258,215 | ---- | C] () -- C:\Users\Ricky\Desktop\walkaway.mp3

[2012/06/26 15:11:01 | 000,041,774 | ---- | C] () -- C:\Users\Ricky\Desktop\walkaway.aup

[2012/06/26 11:08:07 | 036,288,702 | ---- | C] () -- C:\Users\Ricky\Desktop\bass.wav

[2012/06/26 11:07:20 | 036,289,226 | ---- | C] () -- C:\Users\Ricky\Desktop\dr.wav

[2012/06/26 00:27:11 | 000,090,375 | ---- | C] () -- C:\Users\Ricky\Desktop\WalkAway.flp

[2012/06/25 13:17:08 | 000,035,278 | ---- | C] () -- C:\Windows\SysNative\.crusader

[2012/06/25 13:02:54 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys

[2012/06/20 13:35:16 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/06/20 12:29:11 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/06/18 22:59:09 | 000,075,368 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp

[2012/06/17 12:24:33 | 000,002,298 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\ASSDraw3.cfg

[2012/05/22 11:55:22 | 000,002,266 | ---- | C] () -- C:\Users\Ricky\.recently-used.xbel

[2012/04/08 20:43:59 | 000,063,831 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\icarus-dxdiag.xml

[2011/12/30 21:19:12 | 000,000,604 | ---- | C] () -- C:\Program Files (x86)\_Z2

[2011/12/24 17:15:20 | 000,005,104 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss

[2011/12/14 09:00:03 | 000,003,584 | ---- | C] () -- C:\Users\Ricky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/18 22:48:15 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/11/12 16:41:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011/11/12 15:04:05 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI

[2011/08/06 07:43:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/04/25 23:53:28 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/11/20 20:23:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\@

[2010/11/20 20:23:51 | 000,002,048 | -HS- | C] () -- C:\Users\Ricky\AppData\Local\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\@

========== LOP Check ==========

[2012/07/20 00:37:48 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\.minecraft

[2011/12/24 17:19:02 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\AnvSoft

[2012/07/18 22:39:49 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Audacity

[2011/12/30 18:46:24 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Avid

[2011/12/25 15:03:57 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\fltk.org

[2012/01/14 16:49:24 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\GetRightToGo

[2011/11/03 17:05:59 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Guitar Pro 6

[2012/06/18 23:10:28 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\ijjigame

[2012/01/19 22:19:29 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\inkscape

[2012/07/06 00:06:22 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Launchy

[2012/06/29 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Leadertech

[2012/05/26 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\MAGIX

[2011/12/08 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\MediaMonkey

[2012/07/19 11:57:50 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\MiniLyrics

[2012/07/16 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Mount&Blade Warband

[2012/07/14 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Mount&Blade With Fire and Sword

[2011/12/24 17:16:19 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\MOVAVI

[2011/12/07 15:20:14 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Opera

[2011/11/12 20:37:38 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Publish Providers

[2012/02/03 11:17:11 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\PyScripter

[2012/07/11 23:26:26 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Rainmeter

[2011/12/27 09:50:51 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\redsn0w

[2012/03/26 20:41:22 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\RenPy

[2012/06/13 10:13:27 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Sony

[2012/02/04 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Sony Creative Software Inc

[2012/01/13 22:28:07 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\StepMania 5

[2012/06/07 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\SynthMaker

[2012/01/08 13:36:06 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\SystemRequirementsLab

[2011/11/11 04:11:29 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\The Creative Assembly

[2012/07/08 20:24:45 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\To the Moon

[2012/06/14 18:52:49 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\Unity

[2012/07/19 21:22:52 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\uTorrent

[2012/03/18 12:33:00 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\WindSolutions

[2012/06/15 07:45:07 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 7/20/2012 8:27:06 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ricky\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 51.41% Memory free

7.49 Gb Paging File | 5.08 Gb Available in Paging File | 67.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.98 Gb Total Space | 76.16 Gb Free Space | 26.91% Space Free | Partition Type: NTFS

Computer Name: RICKY-PC | User Name: Ricky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{2023DAEC-90C2-E042-909F-BFAD8AC9B60C}" = ATI Catalyst Install Manager

"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Mobile I/O

"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Session I/O

"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B112FEE4-3837-420D-9C10-1C5D5436407A}" = ccc-utility64

"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3

"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)

"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists

"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Dell Color Printer 725" = Dell Color Printer 725

"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2

"PyScripter_is1" = PyScripter 2.4.6

"VLC media player" = VLC media player 1.3.0-git-20120103-0102

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{212BA4B5-4ED0-CCFD-9675-9D3DE3D049B4}" = Catalyst Control Center Localization All

"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.9

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28DFDEAD-1084-0F3F-E068-9135FC876027}" = Catalyst Control Center InstallProxy

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion

"{2FCA5F46-55AA-B96E-87FA-47F5811E33AD}" = CCC Help Dutch

"{30026C82-13BA-D7FF-E155-3D2B0C192A28}" = CCC Help Chinese Standard

"{32022218-B297-B983-025B-A03A1C2B202C}" = CCC Help Finnish

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage

"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1" = Brytenwalda version 1.394

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{6617E770-55EE-587D-06FA-B49A8A6F2EF4}" = CCC Help Korean

"{679E3E0C-E913-CA59-6664-A54BE85193E2}" = CCC Help Spanish

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A408B2-80E0-9191-6FDF-6F8318E94B71}" = CCC Help Portuguese

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{76A32E41-F8B9-50B3-5CEE-DD42115DF9A2}" = CCC Help Chinese Traditional

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7EA8CE23-0C8C-6784-635C-D4F8AFB59AB5}" = ccc-core-static

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi

"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic

"{813CFC98-FE1C-7249-49C8-017A227F8574}" = CCC Help Danish

"{8218F4EC-35C0-2CEB-1ABC-24E114270157}" = CCC Help Italian

"{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding

"{82DF9225-13EC-41BD-BE31-AAB121B38166}" = EZXNashville

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C1DE40-C1D3-9F4B-C5E1-12A3835FE1F0}" = CCC Help Polish

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FDE7841-D6E0-26FE-B923-D2F3533C7C9C}" = CCC Help Swedish

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR

"{91C6CFF0-F3A1-CB93-9072-446C8B8774C1}" = CCC Help Japanese

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{98ADCC35-E388-B4D7-1353-6964CEF74CF1}" = CCC Help French

"{98EE2259-4D34-6709-1447-6759E0C7C4E8}" = CCC Help Greek

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A38939B8-4DE7-896D-01FA-C183EA33BBDA}" = CCC Help Russian

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B60119FB-0A43-69BC-1D2C-EE3A91A85300}" = CCC Help Hungarian

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BAC8C2FD-1FF8-4615-B827-9042248121CB}" = Mobile Mouse Server

"{BE1738EB-A0EA-0A4F-F9A8-A8731F1B88CC}" = Catalyst Control Center Graphics Previews Common

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CAAB5F83-B7D1-6AD9-1D86-D37C3E1277C5}" = CCC Help Thai

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{D7AE3689-D40E-DAFE-385D-2B45308E59B6}" = CCC Help English

"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh

"{DD3E3DAA-B005-54D2-CF94-0C919F55CFCE}" = CCC Help Norwegian

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E11A86A7-B346-5FA0-A84B-8805B87580B4}" = CCC Help Turkish

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E8ED6EE9-B477-CD27-048A-6291A719A8A1}" = CCC Help German

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FB3EB614-9284-5C13-6BDB-C8915F180881}" = CCC Help Czech

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Any Video Converter_is1" = Any Video Converter 3.3.2

"ASIO4ALL" = ASIO4ALL

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)

"Diablo III" = Diablo III

"FL Studio 10" = FL Studio 10

"Game Booster_is1" = Game Booster 3

"Identity Card" = Identity Card

"IL Download Manager" = IL Download Manager

"Inkscape" = Inkscape 0.48.2

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"Katawa Shoujo" = Katawa Shoujo

"LAME for Audacity_is1" = LAME v3.98.3 for Audacity

"LastFM_is1" = Last.fm 1.5.4.27091

"LManager" = Launch Manager

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"MiniLyrics" = MiniLyrics

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"Native Instruments Controller Editor" = Native Instruments Controller Editor

"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5

"Native Instruments Guitar Rig Mobile I/O" = Native Instruments Guitar Rig Mobile I/O

"Native Instruments Guitar Rig Session I/O" = Native Instruments Guitar Rig Session I/O

"Native Instruments Rig Kontrol 3" = Native Instruments Rig Kontrol 3

"Native Instruments Service Center" = Native Instruments Service Center

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Opera 12.00.1467" = Opera 12.00

"PowerISO" = PowerISO

"PyScripter_is1" = PyScripter 2.5.3

"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k

"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)

"SpeedFan" = SpeedFan (remove only)

"StarCraft II" = StarCraft II

"Steam App 570" = Dota 2

"StepMania" = StepMania v5.0 alpha 1 (remove only)

"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0

"Unofficial Official Mods Patch_is1" = Unofficial Official Mods Patch v16

"Unofficial Shivering Isles Patch_is1" = Unofficial Shivering Isles Patch v1.5.0

"VLC media player" = VLC media player 1.1.11

"VST Bridge_is1" = VST Bridge 1.1

"WinLiveSuite" = Windows Live Essentials

"Wrye Bash" = Wrye Bash

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-326138110-2251153826-1828377263-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Freestyle GunZ Version 7" = Freestyle GunZ Version 7

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/28/2012 6:09:45 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/28/2012 6:09:45 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 7410

Error - 6/28/2012 6:09:45 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7410

Error - 6/28/2012 6:09:46 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/28/2012 6:09:46 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 8409

Error - 6/28/2012 6:09:46 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 8409

Error - 6/28/2012 6:09:47 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/28/2012 6:09:47 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 9407

Error - 6/28/2012 6:09:47 AM | Computer Name = Ricky-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9407

Error - 6/28/2012 1:37:58 PM | Computer Name = Ricky-PC | Source = Application Hang | ID = 1002

Description = The program opera.exe version 12.0.1467.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 818 Start

Time: 01cd554c1e2881eb Termination Time: 16 Application Path: C:\Program Files (x86)\Opera\opera.exe

Report

Id: fb20d183-c147-11e1-8dbe-b870f4b25692

[ Media Center Events ]

Error - 2/6/2012 11:59:30 AM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 7:59:24 AM - Error connecting to the internet. 7:59:24 AM - Unable

to contact server..

Error - 2/8/2012 5:34:17 PM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 1:34:17 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 2/14/2012 12:05:57 PM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 8:05:57 AM - Error connecting to the internet. 8:05:57 AM - Unable

to contact server..

Error - 2/14/2012 12:06:12 PM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 8:06:04 AM - Error connecting to the internet. 8:06:04 AM - Unable

to contact server..

Error - 2/16/2012 12:05:14 PM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 8:05:13 AM - Error connecting to the internet. 8:05:13 AM - Unable

to contact server..

Error - 2/16/2012 12:05:27 PM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 8:05:21 AM - Error connecting to the internet. 8:05:21 AM - Unable

to contact server..

Error - 2/28/2012 12:58:17 PM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 8:58:17 AM - Error connecting to the internet. 8:58:17 AM - Unable

to contact server..

Error - 2/28/2012 12:58:32 PM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 8:58:24 AM - Error connecting to the internet. 8:58:24 AM - Unable

to contact server..

Error - 3/1/2012 11:35:09 AM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 7:35:09 AM - Error connecting to the internet. 7:35:09 AM - Unable

to contact server..

Error - 3/1/2012 11:35:24 AM | Computer Name = Ricky-PC | Source = MCUpdate | ID = 0

Description = 7:35:16 AM - Error connecting to the internet. 7:35:16 AM - Unable

to contact server..

[ System Events ]

Error - 7/19/2012 8:07:55 PM | Computer Name = Ricky-PC | Source = WMPNetworkSvc | ID = 866321

Description =

Error - 7/19/2012 8:07:55 PM | Computer Name = Ricky-PC | Source = WMPNetworkSvc | ID = 866317

Description =

Error - 7/20/2012 2:53:35 AM | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NIHardwareService service.

Error - 7/20/2012 2:53:35 AM | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the TeamViewer7 service.

Error - 7/20/2012 2:53:55 AM | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 7/20/2012 2:53:55 AM | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 7/20/2012 11:13:59 AM | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 7/20/2012 11:13:59 AM | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 7/20/2012 11:13:59 AM | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 7/20/2012 11:13:59 AM | Computer Name = Ricky-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    [2012/05/26 19:46:50 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    CHR - homepage:
    CHR - Extension: uTorrentControl2 = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O3 - HKU\S-1-5-21-326138110-2251153826-1828377263-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    [2012/07/19 16:59:04 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\00000008.@
    [2012/07/14 19:55:09 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000032.@
    [2012/07/14 19:54:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000000.@
    [2012/07/14 19:54:56 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000064.@
    [2012/07/14 19:54:56 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\L\00000004.@
    [2012/07/14 19:54:55 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\00000004.@
    [2012/07/14 19:54:45 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\000000cb.@
    [2010/11/20 20:23:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\@
    [2010/11/20 20:23:51 | 000,002,048 | -HS- | C] () -- C:\Users\Ricky\AppData\Local\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\@
    [2012/07/19 21:22:52 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\uTorrent

    :files
    C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}
    C:\Users\Ricky\AppData\Local\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-326138110-2251153826-1828377263-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

Registry value HKEY_USERS\S-1-5-21-326138110-2251153826-1828377263-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.

C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.

C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.

C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.

C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.

C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.

C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.

C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.

Use Chrome's Settings page to change the HomePage.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Options folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\rssItem folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\popup folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\icons\useful_components folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\icons\urlGadget folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\icons folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\base64\searchBox folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\base64\rssItem folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\base64\ifarme folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\base64\icons folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\base64\dyamincMenu folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media\base64 folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Media folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\services\translation folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\services\alerts folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\services folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\popup\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\popup folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\model folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\lib folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\xmlMenu\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\xmlMenu folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\urlGadget\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\urlGadget folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\multiRssItem\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\multiRssItem folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\menuPanel\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\menuPanel folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\dynamicMenu\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\dynamicMenu folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\contextMenu\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\contextMenu folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\container folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\components\view\InjectScript folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\components\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\components folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items\about folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\items folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\css folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\controller folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\API\component\view folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\API\component folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js\API folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\js folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\Css folder moved successfully.

C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0 folder moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-326138110-2251153826-1828377263-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

Registry value HKEY_USERS\S-1-5-21-326138110-2251153826-1828377263-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\00000008.@ moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000032.@ moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000000.@ moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000064.@ moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\L\00000004.@ moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\00000004.@ moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\@ moved successfully.

C:\Users\Ricky\AppData\Local\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\@ moved successfully.

C:\Users\Ricky\AppData\Roaming\uTorrent\ie folder moved successfully.

C:\Users\Ricky\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.

C:\Users\Ricky\AppData\Roaming\uTorrent\apps folder moved successfully.

C:\Users\Ricky\AppData\Roaming\uTorrent folder moved successfully.

========== FILES ==========

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U folder moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834} scheduled to be moved on reboot.

C:\Users\Ricky\AppData\Local\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U folder moved successfully.

C:\Users\Ricky\AppData\Local\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\L folder moved successfully.

C:\Users\Ricky\AppData\Local\{9aaa8f11-afbe-ae98-4a64-43a74e0df834} folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Ricky\Desktop\cmd.bat deleted successfully.

C:\Users\Ricky\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56900 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 4943 bytes

->Temporary Internet Files folder emptied: 28158117 bytes

->Flash cache emptied: 57230 bytes

User: Public

User: Ricky

->Temp folder emptied: 5626928468 bytes

->Temporary Internet Files folder emptied: 26298581 bytes

->Java cache emptied: 2921562 bytes

->Google Chrome cache emptied: 104138616 bytes

->Opera cache emptied: 61010912 bytes

->Flash cache emptied: 199387 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 129841254 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 741607894 bytes

Total Files Cleaned = 6,410.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07202012_171137

Files\Folders moved on Reboot...

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U folder moved successfully.

C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834} folder moved successfully.

C:\Users\Ricky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834} not found!

File C:\Users\Ricky\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Ah, I hope you had a nice birthday ^^

ComboFix 12-07-21.01 - Ricky 07/22/2012 15:06:24.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2691 [GMT -7:00]

Running from: c:\users\Ricky\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\SetPointII_000.log

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))

.

.

2012-07-22 22:24 . 2012-07-22 22:24 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-07-22 22:24 . 2012-07-22 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-21 00:11 . 2012-07-21 00:11 -------- d-----w- C:\_OTL

2012-07-19 03:57 . 2012-07-19 04:31 -------- d-----w- c:\users\Ricky\SNES

2012-07-17 17:02 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-15 05:48 . 2012-07-20 03:23 -------- d-----w- c:\users\Ricky\Mount and Blade

2012-07-15 05:42 . 2012-07-17 01:50 -------- d-----w- c:\users\Ricky\AppData\Roaming\Mount&Blade Warband

2012-07-15 03:08 . 2012-07-15 03:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-13 07:38 . 2000-07-09 00:06 87040 ----a-w- c:\windows\UnGins.exe

2012-07-13 07:38 . 2012-07-13 07:38 -------- d-----w- c:\program files (x86)\ASCII

2012-07-12 06:26 . 2012-07-12 06:26 -------- d-----w- c:\users\Ricky\AppData\Roaming\Rainmeter

2012-07-09 03:10 . 2012-07-09 03:24 -------- d-----w- c:\users\Ricky\AppData\Roaming\To the Moon

2012-07-09 03:05 . 2012-07-09 03:05 -------- d-----w- C:\Downloads

2012-07-08 03:11 . 2012-07-20 07:25 -------- d-----w- c:\program files (x86)\Project Zomboid

2012-07-08 01:14 . 2012-07-20 01:47 -------- d-----w- c:\programdata\HappyCloud

2012-07-07 18:16 . 2012-07-07 18:16 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-07-06 01:45 . 2012-07-06 01:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-07-02 08:27 . 2012-07-22 21:03 -------- d-----w- c:\program files (x86)\Freestyle GunZ Version 7

2012-06-29 23:51 . 2012-06-29 23:51 -------- d-----w- c:\users\Ricky\AppData\Local\LogiShrd

2012-06-29 23:50 . 2012-06-29 23:50 -------- d-----w- c:\users\Ricky\AppData\Roaming\Leadertech

2012-06-29 23:48 . 2012-06-29 23:50 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd

2012-06-29 23:48 . 2012-06-29 23:48 -------- d-----w- c:\program files\Logitech

2012-06-29 23:48 . 2012-06-29 23:49 -------- d-----w- c:\program files\Common Files\Logishrd

2012-06-29 23:48 . 2012-06-29 23:48 -------- d-----w- c:\programdata\LogiShrd

2012-06-29 23:31 . 2012-06-29 23:31 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2012-06-28 04:06 . 2012-06-28 04:06 -------- d-----w- c:\program files (x86)\2K Games

2012-06-28 04:03 . 2012-06-28 04:03 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2012-06-28 04:03 . 2012-06-28 04:03 -------- d-----w- c:\windows\SysWow64\AGEIA

2012-06-28 04:03 . 2012-06-28 04:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-06-25 20:02 . 2012-06-25 20:18 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-06-25 20:01 . 2012-06-25 20:17 -------- d-----w- c:\programdata\HitmanPro

2012-06-25 17:36 . 2012-06-25 17:36 -------- d-----w- c:\users\Ricky\AppData\Roaming\Malwarebytes

2012-06-25 17:36 . 2012-06-25 17:36 -------- d-----w- c:\programdata\Malwarebytes

2012-06-25 17:36 . 2012-07-17 17:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 18:29 . 2012-04-29 01:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 18:29 . 2011-10-31 11:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-20 20:47 . 2012-06-20 20:35 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-20 20:47 . 2012-06-20 19:29 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-06-16 00:17 . 2012-06-16 00:17 28096 ----a-w- c:\windows\system32\xfcodec64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-07 1242448]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2011-9-3 1106432]

SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]

R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-06-25 30496]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-03 22528]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-01 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-04-26 22912]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-04-26 20328]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-04-26 62584]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 203264]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-05 867712]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-28 7877120]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-28 285696]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-28 38528]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:29]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326138110-2251153826-1828377263-1001Core.job

- c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 23:57]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-326138110-2251153826-1828377263-1001UA.job

- c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 23:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-05 860040]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-28 12459112]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

FF - ProfilePath - c:\users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\bdnas4ru.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1 - c:\users\Ricky\Napoleonic Wars\Modules\Brytenwalda\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-326138110-2251153826-1828377263-1001\Software\SecuROM\License information*]

"datasecu"=hex:38,6a,c1,d4,f1,30,c8,4e,10,2e,a0,2a,ab,21,b7,2f,4a,e3,eb,4e,0f,

4a,55,b5,54,ca,74,9a,04,26,ba,7c,d8,fb,5b,af,66,2e,69,a5,5c,09,3d,48,bb,bc,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\IObit\Game Booster 3\gbtray.exe

.

**************************************************************************

.

Completion time: 2012-07-22 15:44:54 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-22 22:44

.

Pre-Run: 92,833,484,800 bytes free

Post-Run: 92,486,062,080 bytes free

.

- - End Of File - - C5EDDAC842AA59B115AAB36876C0E3F8


The best birthday party. Thanks! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


That's good to hear ^^ You deserve it :D

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5c62fb2b8e8b9e4387d2e85bc07d252b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-24 06:13:29

# local_time=2012-07-23 11:13:29 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 0 94643671 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=650533

# found=5

# cleaned=5

# scan_time=10188

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07202012_171137\C_Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07202012_171137\C_Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07202012_171137\C_Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07202012_171137\C_Windows\Installer\{9aaa8f11-afbe-ae98-4a64-43a74e0df834}\U\80000064.@ Win64/Sirefef.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.