Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

West yorkshire police virus/ransomware [Solved]

Started by armiger , Sep 06 2012 09:12 AM

  • This topic is locked This topic is locked

#1
armiger
Posted 06 September 2012 - 09:12 AM

armiger

    New Member

  • Member
  • Pip
  • 4 posts
Hi

Today I had a virus/ransomware called "west yorkshire police" I got rid of it by booting into safe mode and deleting the file sppcomapi.exe from the C drive and registry. This seemed to worke fine but unfortunately the PC now seems to be unstable, the main issue I can see is that in excel, I have a sheet were the cells are flood filled with different colours, these are now blank, also the ribbon buttons look "blurry" almost as if I am using safe mode. IE also looks different, very few graphics load on the web pages.

Not sure I killed the virus totally and any help gratefully received.

Thanks in advance

Martyn

TL logfile created on: 06/09/2012 15:57:47 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Martyn & Linda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 53.40% Memory free
5.48 Gb Paging File | 3.78 Gb Available in Paging File | 68.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 213.26 Gb Free Space | 75.09% Space Free | Partition Type: NTFS

Computer Name: BLUEY | User Name: Martyn & Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 15:56:59 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Martyn & Linda\Desktop\OTL.exe
PRC - [2012/08/14 21:59:14 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/01 16:40:04 | 001,053,056 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2011/10/27 11:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/10/27 11:33:40 | 000,126,512 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011/10/27 11:33:32 | 000,148,016 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010/05/03 15:15:42 | 001,480,032 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/04/08 05:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 05:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 05:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/03/09 00:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/12/24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 16:42:14 | 000,392,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2011/11/01 16:42:12 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2011/11/01 16:42:08 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2011/11/01 16:42:06 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2011/11/01 16:41:38 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2011/11/01 16:41:36 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
MOD - [2011/11/01 16:41:34 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2011/11/01 16:41:32 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2011/11/01 16:41:30 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2011/11/01 16:41:24 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2011/11/01 16:41:22 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2011/11/01 16:41:20 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2011/11/01 16:41:18 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2011/11/01 16:41:16 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2011/11/01 16:41:14 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2011/11/01 16:41:12 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2011/11/01 16:41:10 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2011/11/01 16:41:06 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2011/11/01 16:40:56 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2011/11/01 16:40:54 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2011/11/01 16:40:52 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2011/11/01 16:40:08 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2011/11/01 16:40:00 | 000,438,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2011/11/01 16:39:36 | 001,041,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2011/11/01 16:39:06 | 000,740,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2011/11/01 15:57:42 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/03 15:15:46 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/05/03 15:15:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/03/17 10:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/14 21:59:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/23 23:35:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/08 05:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/08 07:19:18 | 000,101,464 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/19 09:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/31 08:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/21 10:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/03/02 06:25:00 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/02/26 09:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 23:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/17 18:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012/07/29 20:52:40 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/07/29 20:52:38 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/12/15 17:50:54 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...g4z1k5f4692a279
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{16EC0BF8-460A-40C9-B313-BC1CC9E5DD3C}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{2F8418AA-FADD-458A-BC44-CC50A654888B}: "URL" = http://uk.search.yah...29,17152,0,18,0
IE - HKCU\..\SearchScopes\{63934CCE-8639-49C8-B038-20E9481700DA}: "URL" = http://shopping.yaho...Terms}&fr=yessv
IE - HKCU\..\SearchScopes\{64FC8C82-D5C5-4718-A22B-6C7F3E730F59}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACPW_enGB402
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ACPW_enGB402
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...1&toolbar=MP3R3
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKCU\..\SearchScopes\{EBD5C10D-6BD3-423D-82ED-2FFF3C418EC5}: "URL" = http://uk.local.yaho...ML&cs=&fr=yessv
IE - HKCU\..\SearchScopes\{F3492732-B1CF-4BE5-BEBC-F50DFDFC4C3E}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKCU\..\SearchScopes\{F824FBE4-3603-4D9E-AD90-4B71CC453B47}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKCU\..\SearchScopes\{FAC8669B-D023-4A3C-B81E-0F3E96F04EAF}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/21 12:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011/12/03 10:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/21 12:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/03 10:33:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchqu.com/406
CHR - Extension: No name found = C:\Users\Martyn & Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: No name found = C:\Users\Martyn & Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2012/09/06 15:03:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Program Files (x86)\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\OEM\Preload\utility\_NowIntoDT.vbs ()
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Martyn & Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &FreeRIP Search - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Martyn & Linda\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &FreeRIP Search - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Martyn & Linda\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0451CE-B04B-4453-A963-6B6376156A27}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 15:56:50 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Martyn & Linda\Desktop\OTL.exe
[2012/09/06 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\Martyn & Linda\AppData\Roaming\Malwarebytes
[2012/09/06 15:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/06 15:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/06 15:23:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/06 15:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/06 15:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert
[2012/09/06 15:03:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/06 14:51:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/06 14:51:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/06 14:51:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/06 14:51:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/05 14:54:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Martyn & Linda\Desktop\dds.com
[2012/09/05 14:47:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Martyn & Linda\Desktop\HijackThis.exe
[2012/08/30 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\Martyn & Linda\Documents\Nokia Suite
[2012/08/12 11:03:32 | 000,000,000 | ---D | C] -- C:\Users\Martyn & Linda\Documents\DVDVideoSoft
[2012/08/08 17:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/06 15:59:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 15:56:59 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Martyn & Linda\Desktop\OTL.exe
[2012/09/06 15:32:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 15:32:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 15:11:20 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 15:11:20 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 15:03:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/06 15:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 15:03:01 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 11:00:00 | 005,246,976 | ---- | M] () -- C:\Users\Martyn & Linda\Documents\Home Finances.mny
[2012/09/06 09:59:16 | 093,762,729 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/05 14:54:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Martyn & Linda\Desktop\dds.com
[2012/09/05 14:47:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Martyn & Linda\Desktop\HijackThis.exe
[2012/09/01 13:51:39 | 000,342,780 | ---- | M] () -- C:\Users\Martyn & Linda\Documents\Sky secure checkout - Confirmation.mht
[2012/08/30 18:50:13 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 18:50:13 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 18:50:13 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/28 17:48:37 | 000,346,465 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/16 07:28:28 | 000,346,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/08 07:42:56 | 000,001,061 | ---- | M] () -- C:\Users\Martyn & Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/06 14:51:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/06 14:51:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/06 14:51:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/06 14:51:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/06 14:51:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/01 17:19:02 | 000,342,780 | ---- | C] () -- C:\Users\Martyn & Linda\Documents\Sky secure checkout - Confirmation.mht
[2012/07/16 07:29:11 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/15 22:58:10 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/03/17 14:17:54 | 000,360,448 | ---- | C] () -- C:\Windows\ltsModule.exe
[2011/07/06 19:08:03 | 000,000,000 | ---- | C] () -- C:\Users\Martyn & Linda\AppData\Local\{70FFB9AC-F99C-4B1F-93A7-471C0E668B96}
[2011/03/20 14:30:12 | 000,014,368 | ---- | C] () -- C:\Windows\skype.dat
[2011/03/20 14:29:55 | 000,032,854 | ---- | C] () -- C:\Windows\iniLS.dat
[2011/02/13 10:25:17 | 000,001,147 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/02/13 10:25:06 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/02/13 10:24:39 | 000,000,034 | ---- | C] () -- C:\Users\Martyn & Linda\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/02/13 10:24:36 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/23 15:40:59 | 000,000,518 | ---- | C] () -- C:\Users\Martyn & Linda\AppData\Roaming\wklnhst.dat
[2010/10/22 10:48:01 | 000,006,144 | ---- | C] () -- C:\Users\Martyn & Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/10/12 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\AVG2012
[2012/06/20 23:08:47 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/08/29 10:35:11 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\DVDVideoSoft
[2011/08/29 10:34:34 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/30 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\Nokia
[2010/10/23 18:38:05 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\Nokia Ovi Suite
[2010/10/22 10:42:23 | 000,000,000 | -H-D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\PC Suite
[2011/01/23 15:41:02 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\Template
[2010/10/23 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\Trusteer
[2010/10/22 21:27:20 | 000,000,000 | -H-D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\WildTangent
[2012/06/11 07:41:44 | 000,000,000 | ---D | M] -- C:\Users\Martyn & Linda\AppData\Roaming\Windows Live Writer
[2012/08/06 07:29:13 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
WhiteHat
Posted 06 September 2012 - 07:54 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

NEXT:

  • Run OTL
  • Select All Users
  • Now on the Box Extra Registry, click in Use safe list
  • Copy the lines under the Code.
    netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%\*.*
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
%systemdrive%\$Recycle.Bin|@;true;true;true
/md5stop
HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Back to the program and paste the text in red in the text box "Custom Scan / Fixes"
  • Click on Run Scan button
  • The examination takes a while, be patient.
  • Copy the entire contents of the log OTL.txt and post in your next reply
FINALLY:

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Logs I want to see in your next reply:
  • AdwCleaner
  • OTL.txt
  • Extras.txt
  • aswMBR log

  • 0

#3
armiger
Posted 07 September 2012 - 02:46 AM

armiger

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi

Thanks for the response it is much appreciated, done as requested. Was not sure whether to post or attach the adwcleaner so have done both.

# AdwCleaner v2.000 - Logfile created 09/07/2012 at 09:06:40
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Martyn & Linda - BLUEY
# Boot Mode : Normal
# Running from : C:\Users\Martyn & Linda\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Martyn & Linda\AppData\Local\Conduit
Folder Deleted : C:\Users\Martyn & Linda\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Martyn & Linda\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Martyn & Linda\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Martyn & Linda\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Martyn & Linda\AppData\LocalLow\searchquband

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D0182ABA-943D-4365-A160-4977D90A0B18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D0182ABA-943D-4365-A160-4977D90A0B18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D42AA5DC-1F3E-46E9-A2D6-D1D2449B6F3E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF1B6B8F-0B7F-4105-B593-0C7FF2A3A9BF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Martyn & Linda\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.19] : search_url ="search_url" : "hxxp://dts.search-results.com/sr?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}"

*************************

AdwCleaner[S1].txt - [6749 octets] - [07/09/2012 09:06:40]

########## EOF - C:\AdwCleaner[S1].txt - [6809 octets] ##########

OTL logfile created on: 07/09/2012 09:16:00 - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Martyn & Linda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 55.81% Memory free
5.48 Gb Paging File | 3.91 Gb Available in Paging File | 71.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 213.07 Gb Free Space | 75.03% Space Free | Partition Type: NTFS

Computer Name: BLUEY | User Name: Martyn & Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 15:56:59 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Martyn & Linda\Desktop\OTL.exe
PRC - [2012/08/14 21:59:14 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/01 16:40:04 | 001,053,056 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2011/10/27 11:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/10/27 11:33:40 | 000,126,512 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011/10/27 11:33:32 | 000,148,016 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010/05/03 15:15:42 | 001,480,032 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/04/09 09:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/04/08 05:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 05:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 05:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/03/09 00:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/12/24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/24 01:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/11 06:48:22 | 000,231,968 | ---- | M] () -- c:\OEM\Preload\utility\setEvent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 02:07:06 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/14 02:06:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/05/10 07:41:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 07:40:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/10 07:40:36 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/10 07:40:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/10 07:40:29 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 07:40:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/11/01 16:42:14 | 000,392,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2011/11/01 16:42:12 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2011/11/01 16:42:08 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2011/11/01 16:42:06 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2011/11/01 16:41:38 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2011/11/01 16:41:36 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
MOD - [2011/11/01 16:41:34 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2011/11/01 16:41:32 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2011/11/01 16:41:30 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2011/11/01 16:41:24 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2011/11/01 16:41:22 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2011/11/01 16:41:20 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2011/11/01 16:41:18 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2011/11/01 16:41:16 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2011/11/01 16:41:14 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2011/11/01 16:41:12 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2011/11/01 16:41:10 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2011/11/01 16:41:06 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2011/11/01 16:40:56 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2011/11/01 16:40:54 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2011/11/01 16:40:52 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2011/11/01 16:40:08 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2011/11/01 16:40:00 | 000,438,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2011/11/01 16:39:36 | 001,041,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2011/11/01 16:39:06 | 000,740,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2011/11/01 15:57:42 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/03 15:15:46 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/05/03 15:15:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/04/09 09:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009/09/11 06:48:22 | 000,231,968 | ---- | M] () -- c:\OEM\Preload\utility\setEvent.exe
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/03/17 10:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/14 21:59:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/23 23:35:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/08 05:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/08 07:19:18 | 000,101,464 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/19 09:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/31 08:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/21 10:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/03/02 06:25:00 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/02/26 09:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 23:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/17 18:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012/07/29 20:52:40 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/07/29 20:52:38 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/12/15 17:50:54 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...g4z1k5f4692a279
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{16EC0BF8-460A-40C9-B313-BC1CC9E5DD3C}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{2F8418AA-FADD-458A-BC44-CC50A654888B}: "URL" = http://uk.search.yah...29,17152,0,18,0
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{63934CCE-8639-49C8-B038-20E9481700DA}: "URL" = http://shopping.yaho...Terms}&fr=yessv
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{64FC8C82-D5C5-4718-A22B-6C7F3E730F59}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACPW_enGB402
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ACPW_enGB402
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{EBD5C10D-6BD3-423D-82ED-2FFF3C418EC5}: "URL" = http://uk.local.yaho...ML&cs=&fr=yessv
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{F3492732-B1CF-4BE5-BEBC-F50DFDFC4C3E}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{F824FBE4-3603-4D9E-AD90-4B71CC453B47}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{FAC8669B-D023-4A3C-B81E-0F3E96F04EAF}: "URL" = http://uk.search.yah...Terms}&fr=yessv
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/21 12:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011/12/03 10:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/21 12:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/03 10:33:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchqu.com/406
CHR - Extension: No name found = C:\Users\Martyn & Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: No name found = C:\Users\Martyn & Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2012/09/06 15:03:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Program Files (x86)\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\OEM\Preload\utility\_NowIntoDT.vbs ()
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-21-1954331698-560438314-2454149162-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1954331698-560438314-2454149162-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\Martyn & Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &FreeRIP Search - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Martyn & Linda\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &FreeRIP Search - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Martyn & Linda\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0451CE-B04B-4453-A963-6B6376156A27}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 15:56:50 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Martyn & Linda\Desktop\OTL.exe
[2012/09/06 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\Martyn & Linda\AppData\Roaming\Malwarebytes
[2012/09/06 15:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/06 15:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/06 15:23:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/06 15:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/06 15:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert
[2012/09/06 15:03:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/06 14:51:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/06 14:51:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/06 14:51:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/06 14:51:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/30 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\Martyn & Linda\Documents\Nokia Suite
[2012/08/15 22:40:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 22:40:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 22:40:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 22:40:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 22:40:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 22:40:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 22:40:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 22:40:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 22:40:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 22:40:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 22:40:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 22:40:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 22:40:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 07:41:26 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 07:41:21 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 07:41:21 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 07:41:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 07:41:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 07:41:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 07:41:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 07:41:15 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/12 11:03:32 | 000,000,000 | ---D | C] -- C:\Users\Martyn & Linda\Documents\DVDVideoSoft
[2012/08/08 17:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/07 09:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 09:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 09:14:30 | 093,843,645 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/07 09:08:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 09:08:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 09:08:29 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 09:05:17 | 000,511,265 | ---- | M] () -- C:\Users\Martyn & Linda\Desktop\adwcleaner.exe
[2012/09/07 08:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 08:32:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 19:44:26 | 005,246,976 | ---- | M] () -- C:\Users\Martyn & Linda\Documents\Home Finances.mny
[2012/09/06 15:56:59 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Martyn & Linda\Desktop\OTL.exe
[2012/09/06 15:03:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/01 13:51:39 | 000,342,780 | ---- | M] () -- C:\Users\Martyn & Linda\Documents\Sky secure checkout - Confirmation.mht
[2012/08/30 18:50:13 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 18:50:13 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 18:50:13 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/28 17:48:37 | 000,346,465 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/16 07:28:28 | 000,346,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 21:59:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 21:59:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/07 09:05:17 | 000,511,265 | ---- | C] () -- C:\Users\Martyn & Linda\Desktop\adwcleaner.exe
[2012/09/06 14:51:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/06 14:51:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/06 14:51:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/06 14:51:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/06 14:51:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/01 17:19:02 | 000,342,780 | ---- | C] () -- C:\Users\Martyn & Linda\Documents\Sky secure checkout - Confirmation.mht
[2012/07/16 07:29:11 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/15 22:58:10 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/03/17 14:17:54 | 000,360,448 | ---- | C] () -- C:\Windows\ltsModule.exe
[2011/07/06 19:08:03 | 000,000,000 | ---- | C] () -- C:\Users\Martyn & Linda\AppData\Local\{70FFB9AC-F99C-4B1F-93A7-471C0E668B96}
[2011/03/20 14:30:12 | 000,014,368 | ---- | C] () -- C:\Windows\skype.dat
[2011/03/20 14:29:55 | 000,032,854 | ---- | C] () -- C:\Windows\iniLS.dat
[2011/02/13 10:25:17 | 000,001,147 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/02/13 10:25:06 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/02/13 10:24:39 | 000,000,034 | ---- | C] () -- C:\Users\Martyn & Linda\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/02/13 10:24:36 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/23 15:40:59 | 000,000,518 | ---- | C] () -- C:\Users\Martyn & Linda\AppData\Roaming\wklnhst.dat
[2010/10/22 10:48:01 | 000,006,144 | ---- | C] () -- C:\Users\Martyn & Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/09/07 09:06:50 | 000,006,860 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2010/04/26 06:40:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/09/06 15:09:44 | 000,020,516 | ---- | M] () -- C:\ComboFix.txt
[2012/09/07 09:08:29 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 09:08:29 | 2943,049,728 | -HS- | M] () -- C:\pagefile.sys
[2006/04/15 00:05:02 | 000,009,952 | ---- | M] () -- C:\regxpcom.exe
[2010/06/23 23:29:54 | 000,003,083 | ---- | M] () -- C:\RHDSetup.log
[2012/09/05 09:27:01 | 000,133,894 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_05.09.2012_09.26.14_log.txt

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/02/04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/29 09:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/29 09:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/29 09:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/30 03:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/29 09:11:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/29 09:11:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/29 09:11:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< End of report >
OTL Extras logfile created on: 07/09/2012 09:16:00 - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Martyn & Linda\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 55.81% Memory free
5.48 Gb Paging File | 3.91 Gb Available in Paging File | 71.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 213.07 Gb Free Space | 75.03% Space Free | Partition Type: NTFS

Computer Name: BLUEY | User Name: Martyn & Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1954331698-560438314-2454149162-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23911F8B-E761-4A47-9ADF-85A0B1B62C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3EE79C06-5859-4DEA-8DAD-4E7262A3504B}" = lport=138 | protocol=17 | dir=in | app=system |
"{41090EA6-0AF7-404D-A184-B9FC93D5407D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{421F2022-18E5-493C-914C-AC8BC22E1E2F}" = rport=139 | protocol=6 | dir=out | app=system |
"{44A795FE-E4CA-45C6-BAB4-05481D3E5753}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B03C9E0-8570-4091-952E-BC548EF9B9C0}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F4B94FB-ADA3-432A-AE7E-A3B410D7A7C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B76471C-CD47-42A7-8F65-4F01041D3767}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{832F1F3A-1D8C-41BA-825C-672F0943A9EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{87318C9A-40B4-4D55-B30F-7E73D1E19251}" = lport=445 | protocol=6 | dir=in | app=system |
"{94EEE7EA-1435-4DA2-8C25-32DCF2A6F8EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{A7F92FC5-B000-495F-8242-D3B5EDD0BB3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B93EAF31-2B8B-4179-AB3F-2880BAAD9D03}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D496821D-E3C7-4263-AF2C-22D58C2C3575}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E992D846-79C0-4602-BC1D-CBB13EC26837}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE98FEBD-A93D-4FDE-9997-F4249AAFFA93}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015068F8-AE7B-4EBD-A010-DD220BF6D415}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{05CC6792-DF0A-49A2-842E-D6FD91CD6821}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{08480826-ACCE-4BED-9A4B-16B3B1CFC90B}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{0969B930-3CB1-427A-BB20-E5B2115A9AE6}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{0F94EFEB-4DB0-4C33-A524-35EC556409D9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1F534C94-991B-4819-9AC5-07C7E03F826F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{24F049A3-220F-42C4-9172-5207A305ED86}" = protocol=58 | dir=out | [email protected],-28546 |
"{2B0F54F1-8945-4297-A56C-C3B4DCA75A81}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{34BF0512-96A0-4962-BB5C-D906060F44F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3D6A5E3B-3C18-42FC-9A51-F0C9ADF213F4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{4851C79B-07B6-4D6D-B076-DF8C086E4A01}" = protocol=58 | dir=in | [email protected],-28545 |
"{6330FBCA-530D-49DC-BDFA-F74337788186}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{66502C6E-AA6F-4257-9793-99D3CE17F069}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7E2BE272-37E4-4B3B-B066-94DA334AB15C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{8133D105-1F2F-49CC-8A1B-5CD0DF68C03B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AABE514-9E8A-429A-BE01-3C4F8DE66CC9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9C876158-03CA-4A85-8F9B-CFBAE0CD2D44}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9DA80FEF-535F-4EE2-8799-F08147374349}" = protocol=1 | dir=in | [email protected],-28543 |
"{9FEB5753-FBEE-481E-9ADE-1F337F3842B3}" = protocol=1 | dir=out | [email protected],-28544 |
"{A8FB1FC4-5C27-439C-BD77-2E4AC3B99F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BA3F847B-C684-42CC-8032-DE56459B7768}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{CF03CFBA-B111-459E-A9B8-3556F8BC91CE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D6489CA6-68FB-4B11-9B9E-5D6E2A34B214}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E11B312B-8029-409F-B724-92372CDD9702}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E54CA13D-9B69-42C3-90FA-F49B3AC438E7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA2443F7-E29E-445F-8AEA-EA616D7D3998}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FEFB2F57-FCBC-43A2-9FD8-3538EBB35A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"TCP Query User{51EE7E8C-227A-4659-BABB-77E9F6261466}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{A080651E-8561-487D-9FA1-7A4DC5213A4C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{82734611-0FE4-4AE6-B525-565E1486D71A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{86F82759-B8A0-43E2-B7A7-2F555FE28004}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"AVG" = AVG 2012
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.5
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{707bfad4-e437-40ed-9c9c-32dbc1d89a23}" = Nero 9 Essentials
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"2841-5017-1617-4151" = Snapform Viewer 1.7.16
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Metaboli" = Metaboli
"MSMONEYV80" = Microsoft Money Personal & Business
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Rapport_msi" = Rapport
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1954331698-560438314-2454149162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GammonEmpire" = GammonEmpire

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2012 03:51:04 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5117

Error - 07/09/2012 03:51:05 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/09/2012 03:51:05 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6115

Error - 07/09/2012 03:51:05 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6115

Error - 07/09/2012 03:51:06 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/09/2012 03:51:06 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7176

Error - 07/09/2012 03:51:06 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7176

Error - 07/09/2012 03:51:07 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/09/2012 03:51:07 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8175

Error - 07/09/2012 03:51:07 | Computer Name = Bluey | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8175

[ OSession Events ]
Error - 06/03/2012 14:23:55 | Computer Name = Bluey | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3359
seconds with 2220 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/09/2012 16:27:44 | Computer Name = Bluey | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 05/09/2012 16:27:44 | Computer Name = Bluey | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 05/09/2012 16:27:44 | Computer Name = Bluey | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 05/09/2012 16:30:42 | Computer Name = Bluey | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 05/09/2012 16:30:42 | Computer Name = Bluey | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 06/09/2012 07:05:14 | Computer Name = Bluey | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 80.

Error - 06/09/2012 09:58:21 | Computer Name = Bluey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 06/09/2012 10:01:13 | Computer Name = Bluey | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 06/09/2012 10:01:55 | Computer Name = Bluey | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 06/09/2012 10:03:07 | Computer Name = Bluey | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-07 09:33:05
-----------------------------
09:33:05.607 OS Version: Windows x64 6.1.7600
09:33:05.607 Number of processors: 4 586 0x2502
09:33:05.608 ComputerName: BLUEY UserName:
09:33:09.036 Initialize success
09:34:30.692 AVAST engine defs: 12090601
09:34:47.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:34:47.662 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
09:34:47.727 Disk 0 MBR read successfully
09:34:47.732 Disk 0 MBR scan
09:34:47.743 Disk 0 Windows 7 default MBR code
09:34:47.757 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14339 MB offset 63
09:34:47.784 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 29366820
09:34:47.819 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290803 MB offset 29575665
09:34:47.860 Disk 0 scanning C:\Windows\system32\drivers
09:34:59.511 Service scanning
09:35:32.009 Modules scanning
09:35:32.010 Disk 0 trace - called modules:
09:35:32.028 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:35:32.029 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006568060]
09:35:32.030 3 CLASSPNP.SYS[fffff8800118643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045a0050]
09:35:33.493 AVAST engine scan C:\Windows
09:35:36.994 AVAST engine scan C:\Windows\system32
09:38:46.532 AVAST engine scan C:\Windows\system32\drivers
09:38:58.977 AVAST engine scan C:\Users\Martyn & Linda
09:40:19.083 Disk 0 MBR has been saved successfully to "C:\Users\Martyn & Linda\Desktop\MBR.dat"
09:40:19.092 The log file has been saved successfully to "C:\Users\Martyn & Linda\Desktop\aswMBR.txt"

Attached Files


  • 0

#4
WhiteHat
Posted 07 September 2012 - 04:20 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...g4z1k5f4692a279
IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
CHR - homepage: http://www.searchqu.com/406
O3 - HKLM\..\Toolbar: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O3 - HKU\S-1-5-21-1954331698-560438314-2454149162-1000\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O8:64bit: - Extra context menu item: &FreeRIP Search - C:\Program Files (x86)\FreeRIP3\toolband.dll ()
O8 - Extra context menu item: &FreeRIP Search - C:\Program Files (x86)\FreeRIP3\toolband.dll ()

:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next

Posted Image Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#5
armiger
Posted 07 September 2012 - 05:04 PM

armiger

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
MBAM found nothing

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Martyn & Linda :: BLUEY [administrator]

Protection: Enabled

07/09/2012 23:57:31
mbam-log-2012-09-07 (23-57-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234159
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-1954331698-560438314-2454149162-1000\Software\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1954331698-560438314-2454149162-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{081230F8-EA50-42A9-983C-D22ABC2EED3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
C:\Program Files (x86)\FreeRIP3\toolband.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1954331698-560438314-2454149162-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{081230F8-EA50-42A9-983C-D22ABC2EED3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
File C:\Program Files (x86)\FreeRIP3\toolband.dll not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&FreeRIP Search\ deleted successfully.
File C:\Program Files (x86)\FreeRIP3\toolband.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&FreeRIP Search\ not found.
File C:\Program Files (x86)\FreeRIP3\toolband.dll not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Martyn & Linda
->Temp folder emptied: 1270380 bytes
->Temporary Internet Files folder emptied: 204920770 bytes
->Java cache emptied: 214462 bytes
->Google Chrome cache emptied: 153843518 bytes
->Apple Safari cache emptied: 15532032 bytes
->Flash cache emptied: 18180815 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 446 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84659 bytes
RecycleBin emptied: 15976613 bytes

Total Files Cleaned = 391.00 mb


OTL by OldTimer - Version 3.2.61.1 log created on 09072012_234527

Files\Folders moved on Reboot...
C:\Users\Martyn & Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Martyn & Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GN8JQ3U9\fastbutton[1].htm moved successfully.
C:\Users\Martyn & Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
armiger
Posted 07 September 2012 - 06:09 PM

armiger

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
all sorted now, thanks for the help
  • 0

#7
WhiteHat
Posted 07 September 2012 - 07:10 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0

#8
WhiteHat
Posted 02 December 2012 - 09:43 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP