I think there is a problem with my laptop

Trazza · January 24, 2012

Hi Starbuck

Have uninstalled the Graphics driver then reinstalled it again. Was worried that I had done something wrong because it seemed to reboot in safe mode after the uninstall but I went through the steps as you told me and it all seems ok now. I will just have to wait and see if i get the text box again saying it's not functioning to know for sure but hopefully I will never see it again.

Done the OTL fix and here is the report

All processes killed

========== OTL ==========

No active process named Program Files was found!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.

C:\Program Files (x86)\Ask.com\Updater folder moved successfully.

C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.

C:\Program Files (x86)\Ask.com\assets folder moved successfully.

C:\Program Files (x86)\Ask.com folder moved successfully.

C:\Users\Ste\AppData\Local\APN\GoogleCRXs folder moved successfully.

C:\Users\Ste\AppData\Local\APN folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 36001094 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Ste

->Temp folder emptied: 4614610 bytes

->Temporary Internet Files folder emptied: 90456 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 62329106 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 782 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 167428 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes

RecycleBin emptied: 122710534 bytes

Total Files Cleaned = 215.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01242012_112018

Files\Folders moved on Reboot...

C:\Users\Ste\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Once again thank you so much

Trazza

Starbuck · January 24, 2012

Hi Trazza,

I will just have to wait and see if i get the text box again saying it's not functioning to know for sure but hopefully I will never see it again.

Fingers crossed then. :)

Run the system for a day or two and then get back to me and let me know.

If everything is still ok, we can finish off the cleaning.

Trazza · January 24, 2012

Hi Trazza,

Fingers crossed then. :)
Run the system for a day or two and then get back to me and let me know.
If everything is still ok, we can finish off the cleaning.

cheers Starbuck that would be great

I will post back later in the week.

You have my gratefull thanks once again. Trazza

Trazza · January 26, 2012

Hi Starbuck

Everything seems to be behaving great and you said to get back to you so that we can finish off the cleaning.

Just one more thing if it's not too much trouble, Is there anyway that I can see what programs I have running on start up only it seems to take forever when I first start the laptop.

I have seen that it's possible via the OTL report to see what is running on start up but as I can't make head nor tail of the OTL report and I honestly have not got a clue as to what is

necessary and what is not. If I got rid of a few of the unnecessary ones then the laptop might load quicker.

Also I wish to donate when we have finished but dont have my own paypal account, would it be possible to donate through my son's account or would he need to become a member.

Many thanks Trazza

Edited January 26, 2012 by Trazza

Starbuck · January 26, 2012

Is there anyway that I can see what programs I have running on start up only it seems to take forever when I first start the laptop.
I have seen that it's possible via the OTL report to see what is running on start up but as I can't make head nor tail of the OTL report and I honestly have not got a clue as to what is
necessary and what is not. If I got rid of a few of the unnecessary ones then the laptop might load quicker.

Yes, OTL does tell us what is loading at start up.

These are shown in the O4 lines:

These are yours based on the last OTL report.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

Some we have already taken care of, so not all of these will apply now.

Yes, if you get rid of some the loading process will be quicker as there is obviously less programs starting up.

Just for interest, this is taken from my own Otl report:

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

That's it! :cool:

I'm a firm believer that if it's not necessary.... it doesn't run ( unless i need it).

We can use a registry fix with OTL that will stop some of the unnecessary programs from starting.

This will just stop them from loading, it won't delete them from your system.

So if you needed to run them again, you start them manually by clicking Start >> All Programs .... and then selecting the required program.

Some programs are needed to run ( laptops have more than desktops because of the extra programs needed. (battery check etc)

Some are down to the owner, there may be a particular program you always use at start up.

Some are totally unnecessary.

As things may have changed, let's get an up to date report and see what we can safely remove.

Run Otl again and just click on the Scan button.

Post that in a reply and i'll go through the start up entries and let you know what we can safely remove.

I can then add them to a fix for you.

Also I wish to donate when we have finished but dont have my own paypal account, would it be possible to donate through my son's account or would he need to become a member.

I will ask RandyL to reply on that one as he understands the process a lot better than I do.

Thanks for thinking of donating, it really does make a difference.

RandyL · January 26, 2012

Hi Trazza.

You should be able to use any PayPal account to donate. If you use the donate button while logged in I'll see it and the amount you choose to donate. That way I can update your status to Donating Member which will also give your name a custom green color.

Thanks for considering a donation Trazza. I'll keep an eye on it so I can upgrade your status if you so choose.

Trazza · January 27, 2012

Hi Starbuck,

Here is my latest OTL report. I can see that looking at it I still have quite a few programs running at start up but have no idea what they are.

OTL logfile created on: 27/01/2012 08:35:09 - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ste\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 51.86% Memory free

5.48 Gb Paging File | 3.86 Gb Available in Paging File | 70.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.99 Gb Total Space | 205.08 Gb Free Space | 71.71% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: v5i09 | User Name: Ste | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ste\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.)

PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe (LogMeIn, Inc.)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)

PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.)

PRC - C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()

MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (LMIRescueUA_1424670) LogMeIn Rescue (1424670) -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe (Symantec Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)

SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (KService) -- C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys (Symantec Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys (Symantec Corporation)

DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (k57nd60a) Broadcom NetLink -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120126.003\ex64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120126.003\eng64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)

DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120125.002\IDSviA64.sys (Symantec Corporation)

DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1ae72087-d825-4524-9ecd-9ec7c685b9b3%7D&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-10%2012%3A11%3A37&sap=ku&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/12/25 12:08:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/22 20:24:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/16 21:39:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/01/27 08:25:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/27 08:25:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 13:25:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/24 11:11:00 | 000,000,000 | ---D | M]

[2011/09/08 18:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Extensions

[2012/01/19 18:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions

[2012/01/23 19:51:30 | 000,000,000 | ---D | M] ("Support.com Toolbar") -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions\toolbar@ask.com

[2012/01/19 19:26:46 | 000,002,472 | ---- | M] () -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\searchplugins\safesearch.xml

[2011/09/08 18:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/01/27 08:25:56 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN

[2012/01/27 08:25:57 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN

() (No name found) -- C:\USERS\STE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\73HPPIBO.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI

[2012/01/15 13:25:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npBBCPlugin.dll

[2011/10/21 16:01:16 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/01/16 21:37:25 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2011/10/21 16:01:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/10/21 16:01:16 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/10/21 16:01:16 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/10/21 16:01:16 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={B9E5A093-7965-4648-82FE-B5D2292A3412}&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&lang=us&ds=AVG&pr=fr&d=2011-12-10 12:11:37&v=10.0.0.7&sap=dsp&q={searchTerms}

CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Google Search = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Gmail = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/01/23 19:38:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs File not found

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1BF8E44-BF99-4A3A-AC7B-AC44AF9636D0}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 11:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel

[2012/01/24 10:22:55 | 000,000,000 | ---D | C] -- C:\Kontiki

[2012/01/24 08:44:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview

[2012/01/24 08:42:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

[2012/01/24 08:30:12 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012/01/24 08:30:11 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll

[2012/01/24 08:30:11 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2012/01/24 08:30:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2012/01/24 08:30:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2012/01/24 08:30:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2012/01/23 20:14:40 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll

[2012/01/23 20:14:40 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2012/01/23 20:14:40 | 000,263,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2012/01/23 20:14:40 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2012/01/23 20:14:40 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2012/01/23 20:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/01/23 15:55:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/01/22 08:59:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/01/22 08:59:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/01/22 08:59:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/01/22 08:58:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/01/22 08:55:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/01/20 22:18:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/01/19 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Malwarebytes

[2012/01/19 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/19 19:21:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/19 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Systweak

[2012/01/19 18:46:41 | 000,018,816 | ---- | C] (Systweak Inc., (http://www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe

[2012/01/18 17:37:15 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs

[2012/01/18 16:56:11 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys

[2012/01/18 16:56:11 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys

[2012/01/18 16:56:11 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys

[2012/01/18 16:56:11 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys

[2012/01/18 16:56:10 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys

[2012/01/18 16:56:10 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys

[2012/01/18 16:56:09 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys

[2012/01/18 16:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A

[2012/01/18 14:13:53 | 000,073,648 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll

[2012/01/18 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended

[2012/01/18 14:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Applet

[2012/01/18 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ste\Documents\Symantec

[2012/01/18 13:46:08 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/01/18 13:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64

[2012/01/18 13:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012/01/18 13:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security

[2012/01/18 13:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2012/01/11 18:33:31 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012/01/11 18:33:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012/01/11 18:33:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012/01/11 18:33:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012/01/11 18:33:29 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/01/11 18:33:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/01/11 18:33:28 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2012/01/11 18:33:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2012/01/11 18:33:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2012/01/02 01:23:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Deliveries

[2012/01/01 21:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Download Manager

[2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kontiki

[2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kontiki

[2012/01/01 21:32:40 | 000,000,000 | ---D | C] -- C:\logs3

[2010/01/16 03:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 08:33:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/27 08:33:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/27 08:30:37 | 000,001,086 | ---- | M] () -- C:\Users\Ste\Desktop\OTL - Shortcut.lnk

[2012/01/27 08:25:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/27 08:24:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/27 08:24:50 | 2207,338,496 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/27 00:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/26 17:04:31 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/01/26 16:17:41 | 000,343,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/01/24 11:11:00 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/01/24 11:00:21 | 001,962,597 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB

[2012/01/24 10:38:54 | 000,727,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/01/24 10:38:54 | 000,629,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/01/24 10:38:54 | 000,111,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/01/24 08:56:08 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll

[2012/01/24 08:56:08 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll

[2012/01/23 20:14:15 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2012/01/23 20:14:15 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2012/01/23 20:14:15 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2012/01/23 20:14:14 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll

[2012/01/23 20:14:14 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2012/01/23 19:58:34 | 000,001,236 | ---- | M] () -- C:\Users\Ste\Desktop\jre-7u2-windows-x64 - Shortcut.lnk

[2012/01/23 19:38:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2012/01/23 17:03:06 | 000,038,495 | ---- | M] () -- C:\Users\Ste\Documents\free pc help txt.odt

[2012/01/23 15:32:26 | 000,001,137 | ---- | M] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk

[2012/01/20 00:11:54 | 000,001,168 | ---- | M] () -- C:\Users\Ste\Desktop\Hamster Free Video Converter.lnk

[2012/01/19 19:25:53 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/18 17:33:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/01/18 16:56:12 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023

[2012/01/18 14:13:00 | 000,073,648 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll

[2012/01/18 13:46:08 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/01/18 13:46:08 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/01/18 13:46:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/01/16 20:05:30 | 003,271,755 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0026.JPG

[2012/01/16 20:05:20 | 002,775,912 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0025.JPG

[2012/01/15 23:53:58 | 000,004,331 | ---- | M] () -- C:\Users\Ste\Documents\emma music.odt

[2012/01/11 18:17:47 | 362,880,296 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/01/01 21:33:25 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 08:30:37 | 000,001,086 | ---- | C] () -- C:\Users\Ste\Desktop\OTL - Shortcut.lnk

[2012/01/24 11:11:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012/01/24 11:11:00 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/01/23 19:58:34 | 000,001,236 | ---- | C] () -- C:\Users\Ste\Desktop\jre-7u2-windows-x64 - Shortcut.lnk

[2012/01/23 17:02:58 | 000,038,495 | ---- | C] () -- C:\Users\Ste\Documents\free pc help txt.odt

[2012/01/23 15:32:26 | 000,001,137 | ---- | C] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk

[2012/01/22 08:59:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/01/22 08:59:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/01/22 08:59:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/01/22 08:59:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/01/22 08:59:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/01/19 22:37:20 | 003,271,755 | ---- | C] () -- C:\Users\Ste\Desktop\IMG_0026.JPG

[2012/01/19 22:37:19 | 002,775,912 | ---- | C] () -- C:\Users\Ste\Desktop\IMG_0025.JPG

[2012/01/19 19:21:31 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/18 17:29:05 | 001,962,597 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB

[2012/01/18 16:56:41 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023

[2012/01/18 16:56:11 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat

[2012/01/18 16:56:11 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat

[2012/01/18 16:56:11 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat

[2012/01/18 16:56:11 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf

[2012/01/18 16:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf

[2012/01/18 16:56:11 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf

[2012/01/18 16:56:10 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat

[2012/01/18 16:56:10 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat

[2012/01/18 16:56:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat

[2012/01/18 16:56:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf

[2012/01/18 16:56:10 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf

[2012/01/18 16:56:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf

[2012/01/18 16:56:09 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat

[2012/01/18 16:56:09 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf

[2012/01/18 16:55:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini

[2012/01/18 13:46:08 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/01/18 13:46:08 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/01/18 13:46:06 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/01/15 23:53:44 | 000,004,331 | ---- | C] () -- C:\Users\Ste\Documents\emma music.odt

[2012/01/01 21:33:25 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk

[2011/11/23 14:18:43 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Roaming\wklnhst.dat

[2011/10/30 21:50:21 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini

[2011/10/21 17:40:23 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/10/21 17:40:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/05/11 19:57:29 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Local\{7D6DDE49-71B4-435D-A250-23D4193D40C2}

[2010/12/18 14:29:29 | 000,011,776 | ---- | C] () -- C:\Users\Ste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/13 22:25:30 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI

[2010/08/20 18:29:16 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Thanks Trazza

Starbuck · January 27, 2012

Hi Trazza,

I can see that looking at it I still have quite a few programs running at start up but have no idea what they are.

Not a problem.

I'll list what is safe to remove and will explain what each one is related to.

If you wanted all of these entries removed from the start up list, just run the Otl fix below:

As i explained before, these entries will only be removed from the start up list.... the actual file/program will not be removed.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

This is a valid entry, but is classified as 'user's choice'.

It may not be needed, but that depends on whether the user deems it necessary.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not.

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

Related to igfxpers.exe a process installed alongside NVidia graphics cards and provides additional configuration options for these devices.

O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs File not found

Orphan entry... can be removed

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

Related to High_Definition_Audio_System driver from Realtek Semiconductor.

O4 - HKLM..\Run: [] File not found

Orphan entry... can be removed

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

Related to Apple Inc.Apple Application Support Daemon

This is a valid entry, but is classified as 'user's choice'.

It may not be needed, but that depends on whether the user deems it necessary.

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

Related to NewTech Infosystems A comprehensive and easy solution for backing up your valuable data.

This is a valid entry, but is classified as 'user's choice'.

It may not be needed, but that depends on whether the user deems it necessary.

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

Related to DivXNetworks, Inc. Update for DivX software.

Not needed to run.

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

Related to EgisTec Egis Live updates. Can be run when required.

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

Related to Acer Launch Manager - programmable keys on such laptops as the TravelMate 610.

This is a valid entry, but is classified as 'user's choice'.

It may not be needed, but that depends on whether the user deems it necessary.

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals.

O4 - HKCU..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.)

Related to KonTiki Secure Delivery Plug In related. "The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers"

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

Run once entries should just run the once and then should be removed from the list.

As this is still there it's safe to remove it.

Double click on OTL to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:otl
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs File not found
O4 - HKLM..\Run: [] File not found

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"=_
"HotKeysCmds"=_
"IgfxTray"=_
"Persistence"=_
"RtHDVCpl"=_
"APSDaemon"=_
"BackupManagerTray"=_
"DivXUpdate"=_
"EgisTecLiveUpdate"=_
"LManager"=_
"TkBellExe"=_

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=_

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=_

:commands
[emptytemp]

Return to OTL,
right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.

http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

After running the fix, i'd recommend running the following program:

Download Puran Disc Defragmenter

Save it to your 'Desktop'.

Run the program.

From the main 'Puran Defrag' screen, click on the 'C' drive to highlight it.

Then click on 'Defrag'.

This program is faster than the built in Windows Defrag and is more efficient.

Try not to use the m/c while the defrag is running.

See if the system runs any faster afterwards.

Trazza · January 27, 2012

Hi Starbuck

Did what you said and tried the OTL fix but encountered the same result as what happened in post 12 "windows has encountered a problem and will restart in one min"

When it restarted however there was a new report from OTL so I have posted it to see if it worked anyway.

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLD_FrameworkRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Acer ePower Management"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"HotKeysCmds"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"IgfxTray"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Persistence"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"RtHDVCpl"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"APSDaemon"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"BackupManagerTray"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"DivXUpdate"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"EgisTecLiveUpdate"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"LManager"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"TkBellExe"|_ /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"kdx"|_ /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\"AvgUninstallURL"|_ /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Ste

->Temp folder emptied: 141859 bytes

->Temporary Internet Files folder emptied: 74340 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 137091409 bytes

->Google Chrome cache emptied: 6291709 bytes

->Flash cache emptied: 1861 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7236 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 137.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01272012_225748

Files\Folders moved on Reboot...

C:\Users\Ste\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Thanks Trazza

Trazza · January 27, 2012

And here is another OTL scan done after the fix.

OTL logfile created on: 27/01/2012 23:23:47 - Run 4

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ste\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 57.48% Memory free

5.48 Gb Paging File | 4.13 Gb Available in Paging File | 75.29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.99 Gb Total Space | 204.64 Gb Free Space | 71.55% Space Free | Partition Type: NTFS