everything seems to be running good, I have not done anything online as everything was turned off but it seems to be loading great.
here is 1ST half OTL
OTL logfile created on: 3/5/2012 5:34:47 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 36.06% Memory free
5.49 Gb Paging File | 3.51 Gb Available in Paging File | 63.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 86.29 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/05 17:33:07 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/03 08:15:38 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/11/03 08:15:31 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/10/19 10:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (
www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/10/19 10:22:36 | 000,158,048 | ---- | M] (Webroot Software, Inc. (
www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2011/09/02 06:07:52 | 000,107,864 | ---- | M] (Upromise, Inc.) -- C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe
PRC - [2011/09/02 06:07:50 | 000,279,896 | ---- | M] (Upromise, Inc.) -- C:\Program Files (x86)\Upromise\UpromiseTray.exe
PRC - [2011/08/04 13:31:12 | 000,267,584 | ---- | M] (Compete, Inc.) -- C:\Program Files (x86)\Upromise\dca-ua.exe
PRC - [2011/07/21 15:01:26 | 001,477,304 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\cleanup\WRCleanupEngine.exe
PRC - [2011/03/09 09:09:44 | 015,233,104 | ---- | M] (Sharpcast, Inc.) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\sync\WRSyncManager.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/10/29 06:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/21 21:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 04:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/03 08:15:34 | 002,558,976 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2011/09/04 18:26:57 | 001,572,864 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\Toolbar.dll
MOD - [2011/09/04 18:26:57 | 001,572,864 | ---- | M] () -- C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
MOD - [2011/09/04 18:26:57 | 000,361,472 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\Helper.dll
MOD - [2011/09/04 18:26:57 | 000,361,472 | ---- | M] () -- C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll
MOD - [2011/07/06 11:45:28 | 000,897,624 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\plugins\browserextension\PTCBHOPlugin.dll
MOD - [2011/07/01 19:54:00 | 000,366,592 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\RSSReader_plugin.dll
MOD - [2011/07/01 19:53:38 | 000,395,264 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\RadioPlugin.dll
MOD - [2011/07/01 19:53:10 | 000,219,136 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\SearchComponent.dll
MOD - [2011/07/01 19:52:42 | 000,274,432 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\bookmarksplugin.dll
MOD - [2011/07/01 19:52:24 | 000,480,768 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\emailchecker_plugin.dll
MOD - [2011/07/01 19:52:02 | 000,281,088 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\weatherplugin.dll
MOD - [2011/07/01 19:51:44 | 000,294,400 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\FCTB000062781\Toolbar\msgboxplugin.dll
MOD - [2011/03/09 08:40:08 | 007,446,528 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\plugins\sync\QtGui4.dll
MOD - [2011/03/09 08:40:08 | 000,671,744 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\plugins\sync\QtNetwork4.dll
MOD - [2011/03/09 08:40:08 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\plugins\sync\QtXml4.dll
MOD - [2011/03/09 08:40:06 | 002,027,520 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\plugins\sync\QtCore4.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
========== Win32 Services (SafeList) ==========
SRV:
64bit: - [2011/05/02 09:46:38 | 000,109,864 | ---- | M] (Privacyware/PWI, Inc.) [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\pwipf6.sys -- (pwipf6)
SRV:
64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:
64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/02/12 15:05:30 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/03 08:15:38 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/10/19 10:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (
www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/09/30 16:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:
64bit: - [2011/07/11 09:07:54 | 000,136,224 | ---- | M] (Webroot Software, Inc. (
www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:
64bit: - [2011/07/11 09:07:50 | 000,056,920 | ---- | M] (Webroot Software, Inc. (
www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:
64bit: - [2011/05/02 09:46:38 | 000,109,864 | ---- | M] (Privacyware/PWI, Inc.) [Unknown (-1) | Unknown (-1) | Running] -- C:\Windows\SysNative\drivers\pwipf6.sys -- (pwipf6)
DRV:
64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/04/27 12:40:58 | 000,388,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7064.sys -- (rt70x64)
DRV:
64bit: - [2009/11/11 20:35:24 | 000,225,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:
64bit: - [2009/11/05 23:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:
64bit: - [2009/10/22 01:23:18 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:
64bit: - [2009/10/22 01:23:18 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:
64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:
64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:
64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:
64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:
64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:
64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:
64bit: - [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:
64bit: - [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:
64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:
64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2011/03/09 09:06:20 | 000,026,040 | ---- | M] (Webroot Software Inc (
www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\cleanup\wrssweep.sys -- (wrssweep)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360210d505l0424z135t4452x25n
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360210d505l0424z135t4452x25n
IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:
64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360210d505l0424z135t4452x25n
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/?ilc=5
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Helper.dll ()
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\SearchScopes\{83702D08-CC14-4C3E-96A6-D279C544607D}: "URL" = http://www.ask.com/web?q={searchTerms}&search=search&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\SearchScopes\{B576B582-A7C4-499B-95EE-E24E0A71C35C}: "URL" = http://ws.infospace.com/gamers_brw/ws/redir?_iceUrl=true&user_id=%userid&tool_id=%toolid&qkw={searchTerms}
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
IE - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "|http://www.yahoo.com/"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:7.0.2.4181
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.368
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}:1.72.0
FF - prefs.js..extensions.enabledItems: {3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}:1.0
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_20\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}: C:\Program Files (x86)\Webroot\Security\current\plugins\browserextension\ff_ptc\ [2011/08/03 21:08:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/21 13:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 18:17:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
[2010/07/04 18:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/01/29 17:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yu18mxuq.default\extensions
[2011/03/17 08:13:37 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yu18mxuq.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}
[2012/01/29 17:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yu18mxuq.default\extensions\staged
[2010/09/16 08:28:39 | 000,002,151 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yu18mxuq.default\searchplugins\ask-jeeves.xml
[2010/08/18 12:51:06 | 000,001,832 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yu18mxuq.default\searchplugins\bing.xml
[2011/07/30 01:13:20 | 000,002,055 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yu18mxuq.default\searchplugins\daemon-search.xml
[2011/12/10 10:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/03 21:08:52 | 000,000,000 | ---D | M] (Webroot malicious URL filtering) -- C:\PROGRAM FILES (X86)\WEBROOT\SECURITY\CURRENT\PLUGINS\BROWSEREXTENSION\FF_PTC
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YU18MXUQ.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YU18MXUQ.DEFAULT\EXTENSIONS\FFTOOLBAR@UPROMISE.XPI
[2012/01/21 13:24:36 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 15:21:17 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/21 05:18:38 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/01/21 13:24:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/21 13:24:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
O1 HOSTS File: ([2012/03/05 09:04:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O2 - BHO: (WebrootBHO Class) - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files (x86)\Webroot\Security\Current\plugins\browserextension\WebrootBHO.dll (Webroot Software, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_20\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Webroot Browser Helper Object) - {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files (x86)\Webroot\Security\Current\products\WISE\toolbar\LPBar.dll (Webroot Software, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\Current\products\WISE\toolbar\LPBar.dll (Webroot Software, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O4:
64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:
64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" File not found
O4:
64bit: - HKLM..\Run: [ATT-SST_UninstallTracking] C:\Users\Owner\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST File not found
O4:
64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe (Upromise, Inc.)
O4 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000..\Run: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe (Compete, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:
64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O15 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKU\S-1-5-21-4163090722-2340137853-366069492-1000\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883}
http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{856ED3C4-B8B5-470E-B3C2-641E5FDB459F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A918BBD-5D51-45C6-9872-785B10CB5AFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC48E262-04F8-4DE7-AA66-536313088B58}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:
64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS
http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/03/05 08:43:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/05 08:17:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/05 07:30:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/05 07:30:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/05 07:30:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/05 07:30:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 07:30:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/05 07:29:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/05 07:17:10 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/03/04 17:20:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\bootkit_remover
[2012/03/04 16:57:22 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/03/04 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2012/03/03 21:14:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/03/03 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/03/03 17:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/03 17:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/03 17:03:26 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/03 17:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/03 17:02:04 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/03 16:47:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\breast pump_files
[2012/02/18 02:24:35 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2012/02/06 16:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pure Networks
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]