Jump to content

Trazza

Members
 View Profile  See their activity

  • Posts

    158

  • Joined

  • Last visited

 Content Type 

Everything posted by Trazza

  1. Trazza
    Hi Starbuck Everything seems to be behaving great and you said to get back to you so that we can finish off the cleaning. Just one more thing if it's not too much trouble, Is there anyway that I can see what programs I have running on start up only it seems to take forever when I first start the laptop. I have seen that it's possible via the OTL report to see what is running on start up but as I can't make head nor tail of the OTL report and I honestly have not got a clue as to what is necessary and what is not. If I got rid of a few of the unnecessary ones then the laptop might load quicker. Also I wish to donate when we have finished but dont have my own paypal account, would it be possible to donate through my son's account or would he need to become a member. Many thanks Trazza
  2. Trazza
    cheers Starbuck that would be great I will post back later in the week. You have my gratefull thanks once again. Trazza
  3. Trazza
    Hi Starbuck Have uninstalled the Graphics driver then reinstalled it again. Was worried that I had done something wrong because it seemed to reboot in safe mode after the uninstall but I went through the steps as you told me and it all seems ok now. I will just have to wait and see if i get the text box again saying it's not functioning to know for sure but hopefully I will never see it again. Done the OTL fix and here is the report All processes killed ========== OTL ========== No active process named Program Files was found! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully. C:\Program Files (x86)\Ask.com\Updater folder moved successfully. C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully. C:\Program Files (x86)\Ask.com\assets folder moved successfully. C:\Program Files (x86)\Ask.com folder moved successfully. C:\Users\Ste\AppData\Local\APN\GoogleCRXs folder moved successfully. C:\Users\Ste\AppData\Local\APN folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 36001094 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Ste ->Temp folder emptied: 4614610 bytes ->Temporary Internet Files folder emptied: 90456 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 62329106 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 782 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 167428 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes RecycleBin emptied: 122710534 bytes Total Files Cleaned = 215.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 01242012_112018 Files\Folders moved on Reboot... C:\Users\Ste\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot... Once again thank you so much Trazza
  4. Trazza
    Hi Starbuck I will have a go at uninstalling/reinstalling the graphic card adaptor thingy. As for Ask toolbar there is definatly no mention of it in add/remove programs. I tried to take a screen shot of it but when i pasted it in I got an error message saying The text that you have entered is too long (310662 characters). Please shorten it to 80000 characters long so I must have done something wrong again Well at least I tried OTL fix would be appreciated. Thanks Trazza
  5. Trazza
    Sorry forgot to mention I have removed Registry Mechanic 10.0 Thanks for your continued assistance Trazza
  6. Trazza
    Hi Starbuck going through the steps above 1 The device manager said "the best driver software for your device is installed. I have not uninstalled it because frankly when you wrote "Double click on Display Adapters then right click on the name that is shown and click on uninstall. To reinstall the drivers right click on your Graphics card name and finally click Update Driver Software" I was'nt sure if I would be able to find the graphics card name in the list. (I really am sorry for being such a scaredy cat). but I do have the knack for beggering things up. I can't find the ASK toolbar in the add/remove programe list and don't know any other way to remove it. On a much more positive note I did remove all Java products and following your instructions have now got Javaupdate2(64bit) installed and as a double check went to add/remove programe list and checked that it is the only one there and great news it is. Last but not least here is the latest OTL report All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\ deleted successfully. File {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll File not found not found. ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully. ADS C:\ProgramData\Temp:E1F04E8D deleted successfully. ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Ste\Downloads\cmd.bat deleted successfully. C:\Users\Ste\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Ste ->Temp folder emptied: 5300067 bytes ->Temporary Internet Files folder emptied: 205842692 bytes ->Java cache emptied: 16373661 bytes ->FireFox cache emptied: 52415263 bytes ->Google Chrome cache emptied: 435720048 bytes ->Flash cache emptied: 109191 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 683.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 01232012_193704 Files\Folders moved on Reboot... File\Folder C:\Users\Ste\AppData\Local\Temp\CVHLauncher(201201231701311480).log not found! C:\Users\Ste\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot...
  7. Trazza
    OTL files OTL logfile created on: 23/01/2012 16:10:57 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ste\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.88% Memory free 5.48 Gb Paging File | 4.13 Gb Available in Paging File | 75.42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.99 Gb Total Space | 198.49 Gb Free Space | 69.41% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: v5i09 | User Name: Ste | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ste\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.) PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe (LogMeIn, Inc.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll () MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (LMIRescueUA_1424670) LogMeIn Rescue (1424670) -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe (Symantec Corporation) SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (KService) -- C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys (Symantec Corporation) DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120122.004\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120122.004\eng64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120120.002\IDSviA64.sys (Symantec Corporation) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111223.001\BHDrvx64.sys (Symantec Corporation) DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1ae72087-d825-4524-9ecd-9ec7c685b9b3%7D&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-10%2012%3A11%3A37&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/12/25 12:08:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/22 20:24:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/16 21:39:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/01/18 17:36:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/23 15:54:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/01 21:33:19 | 000,000,000 | ---D | M] [2011/09/08 18:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Extensions [2012/01/19 18:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions [2012/01/20 22:11:51 | 000,000,000 | ---D | M] ("Support.com Toolbar") -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions\toolbar@ask.com [2012/01/19 19:26:46 | 000,002,472 | ---- | M] () -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\searchplugins\safesearch.xml [2011/09/08 18:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/01/23 15:54:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN [2012/01/18 17:36:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN () (No name found) -- C:\USERS\STE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\73HPPIBO.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/01/15 13:25:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npBBCPlugin.dll [2011/10/21 16:01:16 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/01/16 21:37:25 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011/10/21 16:01:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/21 16:01:16 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/10/21 16:01:16 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/21 16:01:16 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={B9E5A093-7965-4648-82FE-B5D2292A3412}&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&lang=us&ds=AVG&pr=fr&d=2011-12-10 12:11:37&v=10.0.0.7&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google Search = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: AVG Safe Search = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\ CHR - Extension: Gmail = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2012/01/23 15:55:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1BF8E44-BF99-4A3A-AC7B-AC44AF9636D0}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/23 15:55:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/01/22 08:59:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/01/22 08:59:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/01/22 08:59:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/01/22 08:58:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/01/22 08:55:11 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/01/20 22:18:59 | 000,000,000 | ---D | C] -- C:\_OTL [2012/01/19 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Malwarebytes [2012/01/19 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/19 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Systweak [2012/01/19 18:46:41 | 000,018,816 | ---- | C] (Systweak Inc., (http://www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2012/01/19 18:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012/01/19 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\APN [2012/01/18 17:37:15 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2012/01/18 16:56:11 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys [2012/01/18 16:56:11 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys [2012/01/18 16:56:11 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys [2012/01/18 16:56:11 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys [2012/01/18 16:56:10 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys [2012/01/18 16:56:10 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys [2012/01/18 16:56:09 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys [2012/01/18 16:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A [2012/01/18 14:13:53 | 000,073,648 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll [2012/01/18 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended [2012/01/18 14:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Applet [2012/01/18 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ste\Documents\Symantec [2012/01/18 13:46:08 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012/01/18 13:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012/01/18 13:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012/01/18 13:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012/01/18 13:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/01/11 18:33:31 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012/01/11 18:33:31 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012/01/11 18:33:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/01/11 18:33:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/01/11 18:33:29 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/01/11 18:33:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/01/11 18:33:27 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012/01/11 18:33:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012/01/11 18:33:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012/01/02 01:23:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Deliveries [2012/01/01 21:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Download Manager [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kontiki [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kontiki [2012/01/01 21:32:40 | 000,000,000 | ---D | C] -- C:\logs3 [2010/01/16 03:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/23 16:06:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/23 16:06:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/23 16:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/23 15:55:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/01/23 15:53:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/23 15:53:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/23 15:52:57 | 2207,338,496 | -HS- | M] () -- C:\hiberfil.sys [2012/01/23 15:32:26 | 000,001,137 | ---- | M] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk [2012/01/20 19:27:57 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2012/01/20 00:11:54 | 000,001,168 | ---- | M] () -- C:\Users\Ste\Desktop\Hamster Free Video Converter.lnk [2012/01/19 19:25:53 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:33:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/18 17:30:04 | 001,948,279 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/18 16:56:12 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 14:13:00 | 000,073,648 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll [2012/01/18 13:46:08 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/16 20:05:30 | 003,271,755 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0026.JPG [2012/01/16 20:05:20 | 002,775,912 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0025.JPG [2012/01/15 23:53:58 | 000,004,331 | ---- | M] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/15 23:50:16 | 016,101,290 | ---- | M] () -- C:\Users\Ste\Desktop\Music 6.zip [2012/01/15 23:49:57 | 024,567,996 | ---- | M] () -- C:\Users\Ste\Desktop\Music 5.zip [2012/01/15 23:49:43 | 014,972,491 | ---- | M] () -- C:\Users\Ste\Desktop\Music 4.zip [2012/01/15 23:49:33 | 024,154,679 | ---- | M] () -- C:\Users\Ste\Desktop\Music 3.zip [2012/01/15 23:49:21 | 022,032,419 | ---- | M] () -- C:\Users\Ste\Desktop\Music 2.zip [2012/01/15 23:49:05 | 020,879,424 | ---- | M] () -- C:\Users\Ste\Desktop\Music 1.zip [2012/01/11 18:17:47 | 362,880,296 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/01/11 13:21:30 | 000,732,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/01/11 13:21:30 | 000,616,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/01/11 13:21:30 | 000,106,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/01/08 18:05:15 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/01/01 21:33:25 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/23 15:32:26 | 000,001,137 | ---- | C] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk [2012/01/22 08:59:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/01/22 08:59:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/01/22 08:59:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/01/22 08:59:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/01/22 08:59:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/01/19 22:37:20 | 003,271,755 | ---- | C] () -- C:\Users\Ste\Desktop\IMG_0026.JPG [2012/01/19 22:37:19 | 002,775,912 | ---- | C] () -- C:\Users\Ste\Desktop\IMG_0025.JPG [2012/01/19 19:21:31 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:29:05 | 001,948,279 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/18 16:56:41 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 16:56:11 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat [2012/01/18 16:56:11 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat [2012/01/18 16:56:11 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat [2012/01/18 16:56:11 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf [2012/01/18 16:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf [2012/01/18 16:56:11 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf [2012/01/18 16:56:10 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat [2012/01/18 16:56:10 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat [2012/01/18 16:56:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat [2012/01/18 16:56:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf [2012/01/18 16:56:10 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf [2012/01/18 16:56:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf [2012/01/18 16:56:09 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat [2012/01/18 16:56:09 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf [2012/01/18 16:55:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini [2012/01/18 13:46:08 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/18 13:46:06 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/15 23:53:44 | 000,004,331 | ---- | C] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/15 23:50:15 | 016,101,290 | ---- | C] () -- C:\Users\Ste\Desktop\Music 6.zip [2012/01/15 23:49:55 | 024,567,996 | ---- | C] () -- C:\Users\Ste\Desktop\Music 5.zip [2012/01/15 23:49:41 | 014,972,491 | ---- | C] () -- C:\Users\Ste\Desktop\Music 4.zip [2012/01/15 23:49:31 | 024,154,679 | ---- | C] () -- C:\Users\Ste\Desktop\Music 3.zip [2012/01/15 23:49:19 | 022,032,419 | ---- | C] () -- C:\Users\Ste\Desktop\Music 2.zip [2012/01/15 23:49:04 | 020,879,424 | ---- | C] () -- C:\Users\Ste\Desktop\Music 1.zip [2012/01/01 21:33:25 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [2011/11/23 14:18:43 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Roaming\wklnhst.dat [2011/10/30 21:50:21 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/21 17:40:23 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/10/21 17:40:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/05/11 19:57:29 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Local\{7D6DDE49-71B4-435D-A250-23D4193D40C2} [2010/12/18 14:29:29 | 000,011,776 | ---- | C] () -- C:\Users\Ste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/13 22:25:30 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2010/08/20 18:29:16 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/01/16 03:12:47 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010/01/16 03:12:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/01/16 03:12:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/01/16 03:12:46 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010/01/16 03:12:46 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > OTL Extras logfile created on: 23/01/2012 16:10:57 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ste\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.88% Memory free 5.48 Gb Paging File | 4.13 Gb Available in Paging File | 75.42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.99 Gb Total Space | 198.49 Gb Free Space | 69.41% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: v5i09 | User Name: Ste | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1 "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1 "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "BBC iPlayer Download Manager" = BBC iPlayer Download Manager "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1 "DivX Setup.divx.com" = DivX Setup "Football Manager 2008" = Football Manager 2008 "Google Chrome" = Google Chrome "Hamster Free Video Converter_is1" = HamsterFreeVideoConverter "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Mario Forever 5.0" = Mario Forever 5.0 "Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB) "NIS" = Norton Internet Security "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Rapport_msi" = Rapport "RealPlayer 12.0" = RealPlayer "Registry Mechanic_is1" = Registry Mechanic 10.0 "Steam App 24780" = SimCity 4 Deluxe "Steam App 34220" = Football Manager 2011 "Steam App 71270" = Football Manager 2012 "WinLiveSuite" = Windows Live Essentials "Xvid Video Codec 1.3.1" = Xvid Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20/01/2012 18:07:53 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5697874 Error - 20/01/2012 18:07:53 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5697874 Error - 20/01/2012 18:07:54 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 20/01/2012 18:07:54 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5699372 Error - 20/01/2012 18:07:54 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5699372 Error - 20/01/2012 18:07:55 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 20/01/2012 18:07:55 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5700510 Error - 20/01/2012 18:07:55 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5700510 Error - 20/01/2012 18:29:31 | Computer Name = v5i09 | Source = Application Virtualization Client | ID = 6032 Description = {tid=BF0:usr=Ste} A temporary settings file was found. This file ( C:\Users\Ste\AppData\Local\Q$_140061.ENU_SoftGridUserSettings_settings.cp.temp ) may be corrupt and will be deleted Error - 20/01/2012 18:31:16 | Computer Name = v5i09 | Source = Wininit | ID = 1015 Description = A critical system process, C:\Windows\system32\lsass.exe, failed with status code 00000000. The machine must now be restarted. [ System Events ] Error - 23/01/2012 11:08:53 | Computer Name = v5i09 | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 23/01/2012 11:08:53 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 23/01/2012 11:08:53 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7034 Description = The vToolbarUpdater service terminated unexpectedly. It has done this 1 time(s). Error - 23/01/2012 11:10:05 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 23/01/2012 11:10:13 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 23/01/2012 11:12:56 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. Error - 23/01/2012 11:40:49 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7034 Description = The LogMeIn Rescue (1424670) service terminated unexpectedly. It has done this 1 time(s). Error - 23/01/2012 11:46:50 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 23/01/2012 11:52:08 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 23/01/2012 11:54:43 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. < End of report >
  8. Trazza
    Hi Starbuck I'm assuming you used Firefox to download it? Yes I was using firefox The report is showing that only the Anti Virus part of Norton was disabled: Sorry about that but I tried. My profile does say I'm pc illiterate C:\windows\system32\GfxUI.exe Did you copy this correctly? is the bolded part as it was shown? No nothing was bold i coppied it exactly as it was written. It happened again today whilst waiting for combofix to create the files but as it said not to run any programs until combofix had finished so I could'nt take a screen shot of it. Anyway here are the reports you asked for (I hope) ComboFix 12-01-23.02 - Ste 23/01/2012 15:42:37.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2807.1232 [GMT 0:00] Running from: c:\users\Ste\Downloads\ComboFix.exe Command switches used :: c:\users\Ste\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll c:\program files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll c:\program files (x86)\AVG Secure Search\about.gif c:\program files (x86)\AVG Secure Search\avguidx.dll c:\program files (x86)\AVG Secure Search\calc.gif c:\program files (x86)\AVG Secure Search\CleanHistory.gif c:\program files (x86)\AVG Secure Search\configuration.xml c:\program files (x86)\AVG Secure Search\current.gif c:\program files (x86)\AVG Secure Search\Facebook.gif c:\program files (x86)\AVG Secure Search\favicon.ico c:\program files (x86)\AVG Secure Search\feedback.gif c:\program files (x86)\AVG Secure Search\help.gif c:\program files (x86)\AVG Secure Search\icon18.gif c:\program files (x86)\AVG Secure Search\iGearedHelper.dll c:\program files (x86)\AVG Secure Search\labs.gif c:\program files (x86)\AVG Secure Search\lip.exe c:\program files (x86)\AVG Secure Search\MigrationTool.exe c:\program files (x86)\AVG Secure Search\note.gif c:\program files (x86)\AVG Secure Search\PageStatus.gif c:\program files (x86)\AVG Secure Search\PostInstall.exe c:\program files (x86)\AVG Secure Search\PostInstaller.ini c:\program files (x86)\AVG Secure Search\radio\bg.gif c:\program files (x86)\AVG Secure Search\radio\play.gif c:\program files (x86)\AVG Secure Search\radio\play_hover.gif c:\program files (x86)\AVG Secure Search\radio\radio.html c:\program files (x86)\AVG Secure Search\radio\radio.js c:\program files (x86)\AVG Secure Search\radio\stations.xml c:\program files (x86)\AVG Secure Search\radio\stop.gif c:\program files (x86)\AVG Secure Search\radio\stop_hover.gif c:\program files (x86)\AVG Secure Search\radio\v_minus.gif c:\program files (x86)\AVG Secure Search\radio\v_minus_1.gif c:\program files (x86)\AVG Secure Search\radio\v_plus.gif c:\program files (x86)\AVG Secure Search\radio\v_plus_1.gif c:\program files (x86)\AVG Secure Search\radio\vol_line_emp.gif c:\program files (x86)\AVG Secure Search\radio\vol_line_full.gif c:\program files (x86)\AVG Secure Search\radio\vol_line_half.gif c:\program files (x86)\AVG Secure Search\remote_configuration.xml c:\program files (x86)\AVG Secure Search\roc.exe c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe c:\program files (x86)\AVG Secure Search\search.gif c:\program files (x86)\AVG Secure Search\SecuredSearch.gif c:\program files (x86)\AVG Secure Search\setup.bmp c:\program files (x86)\AVG Secure Search\speed-test.gif c:\program files (x86)\AVG Secure Search\toolbar.zip c:\program files (x86)\AVG Secure Search\ToolbarBroker.exe c:\program files (x86)\AVG Secure Search\Uninstall.exe c:\program files (x86)\AVG Secure Search\weather.gif c:\program files (x86)\AVG Secure Search\windows.gif c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\10.0.6\CommonInstaller.exe c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\9.0.1\CommonInstaller.exe c:\program files (x86)\Common Files\AVG Secure Search\InstalledProducts.ini c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\10.0.6\ScriptHelper.exe c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1\ScriptHelper.exe c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\10.0.6\toolband c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\UpdaterConfig.ini c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_vToolbarUpdater . . ((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 ))))))))))))))))))))))))))))))) . . 2012-01-23 15:52 . 2012-01-23 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-20 22:18 . 2012-01-20 22:18 -------- d-----w- C:\_OTL 2012-01-19 19:21 . 2012-01-19 19:21 -------- d-----w- c:\users\Ste\AppData\Roaming\Malwarebytes 2012-01-19 19:21 . 2012-01-20 15:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-19 19:21 . 2012-01-19 19:21 -------- d-----w- c:\programdata\Malwarebytes 2012-01-19 19:21 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-19 18:46 . 2012-01-19 18:52 -------- d-----w- c:\users\Ste\AppData\Roaming\Systweak 2012-01-19 18:46 . 2011-11-19 11:52 18816 ----a-w- c:\windows\system32\roboot64.exe 2012-01-19 18:38 . 2012-01-19 18:38 -------- d-----w- c:\program files (x86)\Ask.com 2012-01-19 18:38 . 2012-01-19 18:38 -------- d-----w- c:\users\Ste\AppData\Local\APN 2012-01-18 17:37 . 2012-01-18 17:37 -------- d-----w- c:\windows\Internet Logs 2012-01-18 14:13 . 2012-01-18 14:13 73648 ----a-w- c:\windows\system32\unlock64.dll 2012-01-18 14:13 . 2012-01-18 14:13 -------- d-----w- c:\users\Ste\AppData\Local\LogMeIn Rescue Unattended 2012-01-18 14:12 . 2012-01-18 17:36 -------- d-----w- c:\users\Ste\AppData\Local\LogMeIn Rescue Applet 2012-01-18 13:46 . 2012-01-18 13:46 -------- d-----w- c:\program files\Symantec 2012-01-18 13:46 . 2012-01-18 13:46 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-01-18 13:46 . 2012-01-18 13:46 -------- d-----w- c:\program files\Common Files\Symantec Shared 2012-01-18 13:44 . 2012-01-18 17:35 -------- d-----w- c:\windows\system32\drivers\NISx64 2012-01-18 13:44 . 2012-01-18 13:44 -------- d-----w- c:\program files (x86)\Norton Internet Security 2012-01-18 13:33 . 2012-01-18 13:33 -------- d-----w- c:\program files (x86)\NortonInstaller 2012-01-15 13:25 . 2012-01-15 13:25 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2012-01-15 13:25 . 2012-01-15 13:25 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2012-01-15 13:25 . 2012-01-15 13:25 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2012-01-15 13:25 . 2012-01-15 13:25 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2012-01-11 18:33 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 18:33 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 18:33 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 18:33 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 18:33 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 18:33 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 18:33 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 18:33 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-01 21:33 . 2012-01-23 15:56 -------- d-----w- c:\programdata\Kontiki 2012-01-01 21:33 . 2012-01-01 21:33 -------- d-----w- c:\program files (x86)\Kontiki 2012-01-01 21:32 . 2012-01-01 21:32 -------- d-----w- C:\logs3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 12:06 . 2011-09-08 19:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-24 05:00 . 2011-12-14 23:30 3141632 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 05:26 . 2011-12-14 23:31 1197568 ----a-w- c:\windows\system32\wininet.dll 2011-11-05 05:23 . 2011-12-14 23:31 57856 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-05 05:17 . 2011-12-14 23:30 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 04:35 . 2011-12-14 23:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2011-11-05 04:34 . 2011-12-14 23:31 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-11-05 04:30 . 2011-12-14 23:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-11-05 04:07 . 2011-12-14 23:30 482816 ----a-w- c:\windows\system32\html.iec 2011-11-05 03:28 . 2011-12-14 23:30 386048 ----a-w- c:\windows\SysWow64\html.iec 2011-11-05 03:25 . 2011-12-14 23:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-11-05 02:55 . 2011-12-14 23:30 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-10-26 05:19 . 2011-12-14 23:31 43520 ----a-w- c:\windows\system32\csrsrv.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-22_09.20.24 ))))))))))))))))))))))))))))))))))))))))) . - 2010-08-20 18:02 . 2012-01-22 09:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-08-20 18:02 . 2012-01-23 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-08-20 18:02 . 2012-01-22 09:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-08-20 18:02 . 2012-01-23 15:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-08-20 18:02 . 2012-01-22 09:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-08-20 18:02 . 2012-01-23 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-08-20 17:59 . 2012-01-22 09:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-08-20 17:59 . 2012-01-23 15:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-08-20 17:59 . 2012-01-22 09:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-08-20 17:59 . 2012-01-23 15:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-01-22 09:17 . 2012-01-22 09:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-23 15:53 . 2012-01-23 15:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-01-22 09:17 . 2012-01-22 09:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-01-23 15:53 . 2012-01-23 15:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-01-22 09:16 310588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-01-23 15:52 310588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-10-25 22:54 . 2012-01-23 15:52 2794792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2920225602-1579159925-3658386297-1001-8192.dat - 2010-10-25 22:54 . 2012-01-22 09:16 2794792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2920225602-1579159925-3658386297-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-08-23 21:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-16 39408] "kdx"="c:\program files (x86)\Kontiki\KHost.exe" [2008-02-27 1032376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-01-13 265984] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-01-22 1287760] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-10-21 273528] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736] "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [bU] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNzA3OTI1ODA1LUZMMTArMS1GT0krMTEtRERUKzIzMDczLVRVRyszLUREMTBGKzEtUzEwRkRERisxLVNUMTBGQVBQKzEtRjEwTTEyRFQrMS1UQisxLVUxMCsxLUYxMFRCKzItU1QxMFRCRisx&prod=90&ver=10.0.1416" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 135664] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 135664] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-23 1157240] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120120.002\IDSvia64.sys [2012-01-17 488568] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-01-04 55056] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-01-04 61712] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-01-22 310352] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-01-18 842784] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336] S2 LMIRescueUA_1424670;LogMeIn Rescue (1424670);c:\users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe [2012-01-18 1906072] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-01-07 255744] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-04 931640] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-18 138360] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 18:10] . 2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 18:10] . 2012-01-20 c:\windows\Tasks\RMSchedule.job - c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-04-15 16:05] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-01-18 832544] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-14 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-14 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-14 410136] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "PLD_FrameworkRun"="c:\windows\system32\oem\_NowIntoDT.vbs" [bU] . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - FF - ProfilePath - c:\users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1ae72087-d825-4524-9ecd-9ec7c685b9b3%7D&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-10%2012%3A11%3A37&sap=ku&q= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) HKLM-Run-combofix - c:\combofix\CF17905.3XE . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2920225602-1579159925-3658386297-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2920225602-1579159925-3658386297-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Kontiki\KService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe c:\users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe c:\program files (x86)\Launch Manager\LMworker.exe . ************************************************************************** . Completion time: 2012-01-23 16:04:16 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-23 16:04 ComboFix2.txt 2012-01-22 09:30 . Pre-Run: 213,335,105,536 bytes free Post-Run: 213,051,600,896 bytes free . - - End Of File - - 3D02346F2515026B003069C747F100B7 OTL Files to follow
  9. Trazza
    Starbuck Also a box appeared with C:\windowsw\system32\GfxUI.exe A device attatched to your system is not functioning Ok I had to click the ok button to carry on Is this a problem or not? Thank's Trazza
  10. Trazza
  11. Trazza
    Just had a thought that could be important. The laptop that I'm having problems with has windows 7 (I think) installed and not XP as it says in my profile. The XP is installed on my desktop and old laptop
  12. Trazza
  13. Trazza
    I am in UK but the last post was off my main computer not the laptop I'm having issues with. Tried to edit my post when I realized what I had done but I must have done something wrong because it didn't edit:(
  14. Trazza
    Also don't know why but I've just realized that the time I'm posting my threads is different to the times you are displaying my threads came in at.
  15. Trazza
    Is this what you were talking about? OTL Extras logfile created on: 19/01/2012 21:19:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ste\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 15.70% Memory free 5.48 Gb Paging File | 3.20 Gb Available in Paging File | 58.37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.99 Gb Total Space | 199.76 Gb Free Space | 69.85% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: v5i09 | User Name: Ste | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1 "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1 "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "BBC iPlayer Download Manager" = BBC iPlayer Download Manager "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1 "DivX Setup.divx.com" = DivX Setup "Football Manager 2008" = Football Manager 2008 "Google Chrome" = Google Chrome "Hamster Free Video Converter_is1" = HamsterFreeVideoConverter "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{F71C0208-1D32-439D-9257-F90F0BAACE6A}" = CM 03-04 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Mario Forever 5.0" = Mario Forever 5.0 "Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB) "NIS" = Norton Internet Security "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Rapport_msi" = Rapport "RealPlayer 12.0" = RealPlayer "Registry Mechanic_is1" = Registry Mechanic 10.0 "Steam App 24780" = SimCity 4 Deluxe "Steam App 34220" = Football Manager 2011 "Steam App 71270" = Football Manager 2012 "WinLiveSuite" = Windows Live Essentials "Xvid Video Codec 1.3.1" = Xvid Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Wireless Connection" = Wireless Connection ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17/01/2012 17:02:25 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7316 Error - 17/01/2012 17:02:26 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17/01/2012 17:02:26 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8361 Error - 17/01/2012 17:02:26 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8361 Error - 17/01/2012 17:02:27 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17/01/2012 17:02:27 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9375 Error - 17/01/2012 17:02:27 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9375 Error - 17/01/2012 18:06:42 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17/01/2012 18:06:42 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3864300 Error - 17/01/2012 18:06:42 | Computer Name = v5i09 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3864300 [ System Events ] Error - 17/01/2012 16:52:36 | Computer Name = v5i09 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk1\DR2, has a bad block. Error - 17/01/2012 16:52:46 | Computer Name = v5i09 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk1\DR2, has a bad block. Error - 17/01/2012 16:53:12 | Computer Name = v5i09 | Source = Disk | ID = 262151 Description = The device, \Device\Harddisk1\DR3, has a bad block. Error - 18/01/2012 09:13:19 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. Error - 18/01/2012 09:22:23 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. Error - 18/01/2012 09:38:15 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. Error - 18/01/2012 09:47:30 | Computer Name = v5i09 | Source = bowser | ID = 8003 Description = Error - 18/01/2012 13:33:20 | Computer Name = v5i09 | Source = EventLog | ID = 6008 Description = The previous system shutdown at 17:31:40 on ?18/?01/?2012 was unexpected. Error - 18/01/2012 13:35:23 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. Error - 19/01/2012 14:26:43 | Computer Name = v5i09 | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. < End of report >
  16. Trazza
    Here are the reports from MBAM and OTL Malwarebytes Anti-Malware 1.60.0.1800 http://www.malwarebytes.org Database version: v2012.01.19.03 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Ste :: v5i09 [administrator] 19/01/2012 19:31:53 mbam-log-2012-01-19 (19-31-53).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 396249 Time elapsed: 1 hour(s), 35 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Malware 1.60.0.1800 http://www.malwarebytes.org Database version: v2012.01.19.03 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Ste :: v5i09 [administrator] 19/01/2012 19:31:53 mbam-log-2012-01-19 (19-31-53).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 396249 Time elapsed: 1 hour(s), 35 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) OTL logfile created on: 19/01/2012 21:19:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ste\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 15.70% Memory free 5.48 Gb Paging File | 3.20 Gb Available in Paging File | 58.37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.99 Gb Total Space | 199.76 Gb Free Space | 69.85% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: v5i09 | User Name: Ste | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Ste\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.) PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe (LogMeIn, Inc.) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (LMIRescueUA_1424670) LogMeIn Rescue (1424670) -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.) SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe (Symantec Corporation) SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (KService) -- C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys (Symantec Corporation) DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120119.002\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120119.002\eng64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120118.003\IDSviA64.sys (Symantec Corporation) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111223.001\BHDrvx64.sys (Symantec Corporation) DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/ig IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1ae72087-d825-4524-9ecd-9ec7c685b9b3%7D&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-10%2012%3A11%3A37&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/12/25 12:08:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/22 20:24:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/16 21:39:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/01/18 17:36:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/19 18:26:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/01 21:33:19 | 000,000,000 | ---D | M] [2011/09/08 18:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Extensions [2012/01/19 18:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions [2012/01/19 18:52:07 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions\toolbar@ask.com [2012/01/19 19:26:46 | 000,002,472 | ---- | M] () -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\searchplugins\safesearch.xml [2011/09/08 18:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/01/19 18:26:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN [2012/01/18 17:36:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN () (No name found) -- C:\USERS\STE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\73HPPIBO.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/01/15 13:25:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npBBCPlugin.dll [2011/10/21 16:01:16 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/01/16 21:37:25 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011/10/21 16:01:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/21 16:01:16 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/10/21 16:01:16 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/21 16:01:16 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={B9E5A093-7965-4648-82FE-B5D2292A3412}&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&lang=us&ds=AVG&pr=fr&d=2011-12-10 12:11:37&v=10.0.0.7&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google Search = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: AVG Safe Search = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\ CHR - Extension: Gmail = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found O4 - HKCU..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [innoSetupRegFile.0000000001] C:\Windows\is-RJTF1.exe () O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1BF8E44-BF99-4A3A-AC7B-AC44AF9636D0}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9c7d078d-6112-11e0-9b24-705ab6465987}\Shell - "" = AutoRun O33 - MountPoints2\{9c7d078d-6112-11e0-9b24-705ab6465987}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HallsLogon_All.exe - - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/19 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Malwarebytes [2012/01/19 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/19 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Systweak [2012/01/19 18:46:41 | 000,018,816 | ---- | C] (Systweak Inc., (http://www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2012/01/19 18:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012/01/19 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\APN [2012/01/18 17:37:15 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2012/01/18 16:56:11 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys [2012/01/18 16:56:11 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys [2012/01/18 16:56:11 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys [2012/01/18 16:56:11 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys [2012/01/18 16:56:10 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys [2012/01/18 16:56:10 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys [2012/01/18 16:56:09 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys [2012/01/18 16:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A [2012/01/18 14:13:53 | 000,073,648 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll [2012/01/18 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended [2012/01/18 14:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Applet [2012/01/18 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ste\Documents\Symantec [2012/01/18 13:46:08 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012/01/18 13:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012/01/18 13:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012/01/18 13:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012/01/18 13:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/01/11 18:33:31 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012/01/11 18:33:31 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012/01/11 18:33:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/01/11 18:33:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/01/11 18:33:29 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/01/11 18:33:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/01/11 18:33:27 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012/01/11 18:33:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012/01/11 18:33:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012/01/02 01:23:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Deliveries [2012/01/01 21:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Download Manager [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kontiki [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kontiki [2012/01/01 21:32:40 | 000,000,000 | ---D | C] -- C:\logs3 [2010/01/16 03:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/19 21:03:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/19 19:25:53 | 000,709,968 | ---- | M] () -- C:\Windows\is-RJTF1.exe [2012/01/19 19:25:53 | 000,010,498 | ---- | M] () -- C:\Windows\is-RJTF1.msg [2012/01/19 19:25:53 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/19 19:25:53 | 000,000,439 | ---- | M] () -- C:\Windows\is-RJTF1.lst [2012/01/19 19:23:50 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2012/01/19 18:33:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/19 18:33:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/19 18:29:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/19 18:24:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/19 18:24:01 | 2207,338,496 | -HS- | M] () -- C:\hiberfil.sys [2012/01/18 17:33:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/18 17:30:04 | 001,948,279 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/18 16:56:12 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 14:13:00 | 000,073,648 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll [2012/01/18 13:46:08 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/15 23:53:58 | 000,004,331 | ---- | M] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/15 23:50:16 | 016,101,290 | ---- | M] () -- C:\Users\Ste\Desktop\Music 6.zip [2012/01/15 23:49:57 | 024,567,996 | ---- | M] () -- C:\Users\Ste\Desktop\Music 5.zip [2012/01/15 23:49:43 | 014,972,491 | ---- | M] () -- C:\Users\Ste\Desktop\Music 4.zip [2012/01/15 23:49:33 | 024,154,679 | ---- | M] () -- C:\Users\Ste\Desktop\Music 3.zip [2012/01/15 23:49:21 | 022,032,419 | ---- | M] () -- C:\Users\Ste\Desktop\Music 2.zip [2012/01/15 23:49:05 | 020,879,424 | ---- | M] () -- C:\Users\Ste\Desktop\Music 1.zip [2012/01/11 18:17:47 | 362,880,296 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/01/11 13:21:30 | 000,732,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/01/11 13:21:30 | 000,616,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/01/11 13:21:30 | 000,106,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/01/08 18:05:15 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/01/01 21:33:25 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/19 19:25:53 | 000,709,968 | ---- | C] () -- C:\Windows\is-RJTF1.exe [2012/01/19 19:25:53 | 000,010,498 | ---- | C] () -- C:\Windows\is-RJTF1.msg [2012/01/19 19:25:53 | 000,000,439 | ---- | C] () -- C:\Windows\is-RJTF1.lst [2012/01/19 19:21:31 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:29:05 | 001,948,279 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/18 16:56:41 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 16:56:11 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat [2012/01/18 16:56:11 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat [2012/01/18 16:56:11 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat [2012/01/18 16:56:11 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf [2012/01/18 16:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf [2012/01/18 16:56:11 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf [2012/01/18 16:56:10 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat [2012/01/18 16:56:10 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat [2012/01/18 16:56:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat [2012/01/18 16:56:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf [2012/01/18 16:56:10 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf [2012/01/18 16:56:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf [2012/01/18 16:56:09 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat [2012/01/18 16:56:09 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf [2012/01/18 16:55:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini [2012/01/18 13:46:08 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/18 13:46:06 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/15 23:53:44 | 000,004,331 | ---- | C] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/15 23:50:15 | 016,101,290 | ---- | C] () -- C:\Users\Ste\Desktop\Music 6.zip [2012/01/15 23:49:55 | 024,567,996 | ---- | C] () -- C:\Users\Ste\Desktop\Music 5.zip [2012/01/15 23:49:41 | 014,972,491 | ---- | C] () -- C:\Users\Ste\Desktop\Music 4.zip [2012/01/15 23:49:31 | 024,154,679 | ---- | C] () -- C:\Users\Ste\Desktop\Music 3.zip [2012/01/15 23:49:19 | 022,032,419 | ---- | C] () -- C:\Users\Ste\Desktop\Music 2.zip [2012/01/15 23:49:04 | 020,879,424 | ---- | C] () -- C:\Users\Ste\Desktop\Music 1.zip [2012/01/01 21:33:25 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [2011/11/23 14:18:43 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Roaming\wklnhst.dat [2011/10/30 21:50:21 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/21 17:40:23 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/10/21 17:40:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/05/11 19:57:29 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Local\{7D6DDE49-71B4-435D-A250-23D4193D40C2} [2010/12/18 14:29:29 | 000,011,776 | ---- | C] () -- C:\Users\Ste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/13 22:25:30 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2010/08/20 18:29:16 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/01/16 03:12:47 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010/01/16 03:12:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/01/16 03:12:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/01/16 03:12:46 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010/01/16 03:12:46 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/08/23 16:35:24 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\AVG10 [2011/08/23 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\CheckPoint [2011/01/09 16:00:03 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\HamsterSoft [2011/04/15 09:17:01 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\Registry Mechanic [2010/12/18 13:58:21 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\Research In Motion [2012/01/15 23:54:08 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\SoftGrid Client [2011/11/09 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\Sports Interactive [2012/01/19 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\Systweak [2010/12/31 10:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\Tific [2010/08/20 18:30:32 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\TP [2010/08/31 10:57:38 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\Trusteer [2010/12/05 20:19:31 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\Windows Live Writer [2011/11/23 18:11:28 | 000,000,000 | ---D | M] -- C:\Users\Ste\AppData\Roaming\{90140011-0061-0409-0000-0000000FF1CE} [2010/09/18 14:49:46 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job [2012/01/19 19:23:50 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job [2011/12/20 14:11:06 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/09/13 11:28:27 | 000,001,198 | ---- | M] () -- C:\account{v5i09}.oeaccount [2010/01/16 03:13:54 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2012/01/19 18:24:01 | 2207,338,496 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2012/01/19 18:24:10 | 2943,119,360 | -HS- | M] () -- C:\pagefile.sys [2010/01/16 03:33:36 | 000,003,274 | ---- | M] () -- C:\RHDSetup.log [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/15 13:25:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/15 13:25:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/15 13:25:21 | 000,715,216 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/01/15 13:25:23 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/01/15 13:25:23 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/15 13:25:23 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 01:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 01:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 01:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/01/15 13:25:21 | 000,715,216 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/01/15 13:25:21 | 000,715,216 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/01/15 13:25:21 | 000,715,216 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/01/15 13:25:23 | 000,924,632 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/01/15 13:25:23 | 000,924,632 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/01/15 13:25:23 | 000,924,632 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 01:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > Hope Iv'e done it right Many thanks Trazza
  17. Trazza
    I am now on another computer to let you know that at the 4th attempt I got the right download and it is now scanning the laptop. I will complete the scan then post it but could someone tell me how to do that/ Thanks Trazza
  18. Trazza
    Hi all, Yesterday my hotmail was hacked them subsequently blocked and to cut a very long story short someone from microsoft exteranally linked to my laptop and told me there were some serious problems with viruses and malware but I could not afford the £104 quoted for them to fix it. As I have had good advise and help in the past with pc help I thought I would ask for help again. I have tried to download Malwarebytes Anti Malware as advised in the sticky at the first post position but the first time I got APO2011 then I tried again and got regclean or somthing. Never once did they mention Download_mbam-setup.exe. Could you please include how to get the downloads or include a link to them so I know I am doing things correctly. Just a reminder I don't know much about computers but am happy to attempt most things with step by step instructions. Thanks Trazza
  19. Trazza
    Yes I did. I was at the stage where I was considering dumping all my files on to the external hard drive and thentotally reinstalling windows XP (I am one of the lucky one's who got the original disk when I bought the pc) So as far as deleting the lower filter key I felt there was not much risk. I am extremley glad though that I didn't have to do this as last time I reformatted the laptop it took me all day to get the thing working properly again. I would love to know though how this other person got to realise that it was this that caused the problem must be a genius. By the way it was "Lower Filters REG_MULTI_SZ lvmvdrv Thanks for looking into it anyway and if anyone else post's with a similar problem this may give you a starting point. Regards Trazza
  20. Trazza
    Hi folks, Thanks for all your advice but I have now rectified the problem. Found someone else who had the same problems as me albeit with a different all in one printer. It was caused by a lower filter key in the registry left there by an old Logitech webcam that has been long gone. Trazza
  21. Trazza
    I think I may have something on the desktop that is conflicting with the printer because as I said everything on the llaptop works fine. In device manager there is a yellow mark against one of the drivers but when I try to udate it I just keep getting the same alert "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)" Is there any way to find out whether or not there is something on there that is stopping the printer from working properly. Trazza
  22. Trazza
    Yes I have done that.
  23. Trazza
    I tried to connect my Epson all in one to the pc today and although it prints fine and copies fine the scanner will not work. The message I get is "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)" I was able to load it onto the laptop and everything works and as both the desktop and the laptop are running on windows XP I have to think there must be something wrong with my desktop. Can anyone help please. Thanks Trazza
  24. Trazza
    I can try my monitor on my brothers pc at the weekend but was wondering if there was anything else I could try before that as it's starting to drive me bonkers.
  25. Trazza
    Hi all, Was wondering if anyone could help with a problem I'm having. Here goes, When I leave the computer on and it goes into sleep mode when I come to use it again there is nothing on the screen. After pondering on this for a little while I noticed that the light for the monitor was on but if I switched it off then on again I got a flash of whatever was on the screen previous to the sleep mode. I sometimes have to switch off and on again up to 7 times before the screen stays on. Today for the first time it did it on startup and I had to do the off/on thing 4 times then everything was ok. It has never up to now gone off whilst I am doing something on the pc only when switching on or waking from sleep mode. Does anyone have any idea of what's happening here or have I got a very lazy monitor. Thanks for taking time to read this thread and any help would be gratefully appreciated.
×
×
  • Create New...