Help, think i am infected.

[Chris I]

Hi,
Computer keeps freezing when I go to websites such as facebook. Computer will randomly lose connections while other internet sources in the house are still working. Cpu usage also maxes out. Any help would be appreciated.

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by Chris at 19:16:33 on 2013-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2807.1274 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\locator.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360211l525l04g4z1k5t4682q28n
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://cdn1.rednoseday.com/sites/all/assets/ar/ti_required/plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1F582A72-A073-4F54-B72D-36BFEB09E626} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1F582A72-A073-4F54-B72D-36BFEB09E626}\35B4952424731453 : DHCPNameServer = 192.168.1.100
TCP: Interfaces\{1F582A72-A073-4F54-B72D-36BFEB09E626}\35B4956353939313 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CF1C6892-61D2-470E-BAFD-587A3F1E0AB0} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Chris\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-23 08:31; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 RapportCerberus_53984;RapportCerberus_53984;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [2013-6-2 588048]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-6-18 229040]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-6-18 357712]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-7-29 133944]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-21 312400]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-7-1 866336]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-21 13336]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-9 250368]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-8 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-8 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-8 168384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2012-2-13 2028864]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-21 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-21 243232]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-21 135560]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-21 158720]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-21 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-21 321064]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-5-30 14448]
S3 MHIKEY10;MHIKEY10;C:\Windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-7-3 236688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-21 239136]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\System32\drivers\s1018bus.sys [2011-2-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\System32\drivers\s1018mdfl.sys [2011-2-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\System32\drivers\s1018mdm.sys [2011-2-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1018mgmt.sys [2011-2-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1018nd5.sys [2011-2-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1018obex.sys [2011-2-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1018unic.sys [2011-2-25 146472]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2011-7-30 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-15 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-25 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S4 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-4-17 305520]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432]
S4 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-21 332272]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
.
=============== Created Last 30 ================
.
2013-06-25 18:12:03 -------- d-----w- C:\Users\Chris\25-06-2013
2013-06-25 17:33:22 -------- d-----w- C:\Windows\pss
2013-06-23 07:32:20 -------- d-----w- C:\Users\Chris\AppData\Roaming\RealNetworks
2013-06-23 07:31:19 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-06-23 07:31:18 -------- d-----w- C:\ProgramData\RealNetworks
2013-06-23 07:30:27 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-06-22 07:35:01 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FC28D51-EAAD-4164-8AF8-74B3CB18B97B}\offreg.dll
2013-06-21 15:53:33 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FC28D51-EAAD-4164-8AF8-74B3CB18B97B}\mpengine.dll
2013-06-18 18:12:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-18 18:10:35 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-18 18:09:01 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-18 18:09:01 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-03 17:07:06 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-01 10:27:03 9460464 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-05-30 05:55:04 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2013-05-30 05:55:04 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-05-30 05:55:04 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2013-05-30 05:53:34 -------- d-----w- C:\ProgramData\Sony Ericsson
2013-05-26 21:00:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-26 21:00:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-26 21:00:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-26 21:00:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-26 21:00:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2013-06-23 07:29:17 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-06-23 07:29:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-06-19 20:19:38 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-06-18 15:14:30 236688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-06-11 20:05:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:05:26 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 01:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 02:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 02:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-27 06:43:49 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-04-27 06:43:47 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:18:03.11 ===============
AswMBR:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-25 19:20:14
-----------------------------
19:20:14.168 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:14.168 Number of processors: 2 586 0x2502
19:20:14.168 ComputerName: CHRIS-PC UserName: Chris
19:20:17.241 Initialize success
19:22:09.720 AVAST engine defs: 13062500
19:22:37.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:22:37.427 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
19:22:37.646 Disk 0 MBR read successfully
19:22:37.646 Disk 0 MBR scan
19:22:37.661 Disk 0 Windows 7 default MBR code
19:22:37.677 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
19:22:37.692 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
19:22:37.724 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290807 MB offset 29566976
19:22:37.864 Disk 0 scanning C:\Windows\system32\drivers
19:22:53.357 Service scanning
19:23:34.215 Modules scanning
19:23:34.215 Disk 0 trace - called modules:
19:23:34.246 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:23:34.246 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046da060]
19:23:34.262 3 CLASSPNP.SYS[fffff8800221543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800457c050]
19:23:36.087 AVAST engine scan C:\Windows
19:23:40.408 AVAST engine scan C:\Windows\system32
19:28:02.630 AVAST engine scan C:\Windows\system32\drivers
19:28:23.503 AVAST engine scan C:\Users\Chris
19:31:27.504 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
19:31:27.520 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"


Thanks for any help.
Chris

[ken545]

Chris, reply to this topic only and don't start any new topics. Just so you know, with the amount of topics you started and did not reply to, most helpers are reluctant to take them.



Please download Malwarebytes Anti-Malware to your desktop.

• Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan as shown below.
  
  
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

OTL by OldTimer

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

[Chris I]

Thanks for the help, here is the MBAM log. OTL to follow.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Chris :: CHRIS-PC [administrator]

30/06/2013 18:28:44
mbam-log-2013-06-30 (18-28-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212220
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Chris I]

OTL logfile created on: 30/06/2013 18:37:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 46.90% Memory free
5.48 Gb Paging File | 3.55 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 216.30 Gb Free Space | 76.16% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MHIKEY10) -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys (Generic USB smartcard reader)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportCerberus_53984) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1121932470-416344675-206018667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...4z1k5t4682q28n
IE - HKU\S-1-5-21-1121932470-416344675-206018667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKU\S-1-5-21-1121932470-416344675-206018667-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1121932470-416344675-206018667-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1121932470-416344675-206018667-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB420GB420
IE - HKU\S-1-5-21-1121932470-416344675-206018667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1121932470-416344675-206018667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Chris\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/23 08:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/04/27 07:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/04/27 07:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/04/27 07:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/04/27 07:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/04/27 07:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/04 11:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/23 08:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/23 19:32:44 | 000,000,000 | ---D | M]

[2011/08/04 13:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/08/04 13:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/05/09 20:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\extensions
[2013/05/09 20:12:29 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ygfqz17h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/23 19:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/23 19:32:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/23 19:32:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/06/23 19:32:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/06/23 19:32:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/06/23 19:32:34 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2013/06/23 19:32:34 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013/04/27 07:44:00 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013/04/27 07:44:00 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2013/04/27 07:44:00 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2013/04/27 07:44:00 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2013/06/23 19:32:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/16 20:35:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/06/23 19:32:43 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2013/03/15 10:20:45 | 000,000,147 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1121932470-416344675-206018667-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T27L1...t/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://cdn1.rednoseday.com/sites/all....Installer.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F582A72-A073-4F54-B72D-36BFEB09E626}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF1C6892-61D2-470E-BAFD-587A3F1E0AB0}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7a4a20c1-7637-11e0-8139-88ae1d63217a}\Shell - "" = AutoRun
O33 - MountPoints2\{7a4a20c1-7637-11e0-8139-88ae1d63217a}\Shell\AutoRun\command - "" = E:\TotalLock.exe
O33 - MountPoints2\{99febc5d-40b7-11e0-a5a1-88ae1d63217a}\Shell - "" = AutoRun
O33 - MountPoints2\{99febc5d-40b7-11e0-a5a1-88ae1d63217a}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{a82e3b74-c8eb-11e2-9a8c-88ae1d63217a}\Shell - "" = AutoRun
O33 - MountPoints2\{a82e3b74-c8eb-11e2-9a8c-88ae1d63217a}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/30 18:34:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/06/27 18:29:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak
[2013/06/25 19:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013/06/25 19:17:52 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2013/06/25 19:15:28 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2013/06/25 19:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/06/25 19:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/06/25 19:12:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\25-06-2013
[2013/06/25 18:33:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/06/23 19:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/23 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/06/23 16:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/06/23 16:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/06/23 08:32:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\RealNetworks
[2013/06/23 08:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/06/23 08:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/23 08:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/06/18 19:13:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/18 19:13:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/18 19:13:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/18 19:13:37 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/18 19:13:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/18 19:13:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/18 19:13:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/18 19:13:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/18 19:13:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/18 19:13:36 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/18 19:13:35 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/18 19:13:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/18 19:13:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/18 19:12:41 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/18 19:12:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/18 19:10:35 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/18 19:10:35 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/18 19:10:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/18 19:10:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/18 19:10:20 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/18 19:10:11 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/18 19:10:11 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/18 19:10:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/18 19:10:10 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/18 19:10:10 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/18 19:10:10 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/18 19:09:01 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/18 19:09:01 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/05 19:14:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Media Go
[2013/06/03 18:07:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/03 18:07:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/03 18:07:06 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files - Modified Within 30 Days ==========

[2013/06/30 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/06/30 18:22:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 18:22:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 18:12:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/30 18:12:14 | 2207,289,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/27 18:31:29 | 000,002,160 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Centre.lnk
[2013/06/27 18:05:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/25 19:56:34 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013/06/25 19:19:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2013/06/25 19:15:29 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2013/06/25 19:13:50 | 000,000,909 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2013/06/23 17:29:57 | 000,401,189 | ---- | M] () -- C:\Users\Chris\Documents\sky.xps
[2013/06/23 17:21:48 | 000,007,601 | ---- | M] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
[2013/06/23 15:11:28 | 000,002,365 | ---- | M] () -- C:\Users\Chris\Desktop\Sky Go Desktop.lnk
[2013/06/23 08:31:09 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/23 08:31:09 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/23 08:31:09 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/23 08:30:06 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/06/23 08:29:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/06/23 08:29:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/06/23 08:29:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/06/19 21:19:38 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/06/18 16:14:30 | 000,236,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2013/06/11 21:05:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/11 21:05:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/08 15:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 12:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/05 18:09:02 | 000,000,655 | ---- | M] () -- C:\Windows\wininit.ini

========== Files Created - No Company Name ==========

[2013/06/27 18:31:29 | 000,002,160 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Centre.lnk
[2013/06/25 19:56:34 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013/06/25 19:13:50 | 000,000,909 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2013/06/23 17:29:51 | 000,401,189 | ---- | C] () -- C:\Users\Chris\Documents\sky.xps
[2013/06/23 15:11:28 | 000,002,395 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Go Desktop.lnk
[2013/06/23 15:11:28 | 000,002,365 | ---- | C] () -- C:\Users\Chris\Desktop\Sky Go Desktop.lnk
[2013/06/03 18:01:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/30 08:15:24 | 000,000,655 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/23 18:49:38 | 000,940,427 | ---- | C] () -- C:\Users\Chris\titanic.pdf
[2012/10/23 18:49:07 | 001,035,794 | ---- | C] () -- C:\Users\Chris\PV_Rain-Forests_020.pdf
[2012/10/23 18:48:47 | 000,947,010 | ---- | C] () -- C:\Users\Chris\PV_Rain-Forests-2_086.pdf
[2012/10/20 18:20:33 | 514,682,249 | ---- | C] () -- C:\Users\Chris\W995.dbk
[2012/01/22 14:00:58 | 000,017,408 | ---- | C] () -- C:\Users\Chris\AppData\Local\WebpageIcons.db
[2011/07/17 13:27:42 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011/05/08 17:51:19 | 000,007,601 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
[2011/03/21 20:48:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/21 11:41:04 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/10 20:51:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Amazon
[2013/06/05 19:17:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Audacity
[2011/04/28 18:29:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canon
[2013/06/25 16:50:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2012/04/02 14:06:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlayFirst
[2011/04/28 14:20:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Software Inspection Library
[2012/10/20 18:38:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony
[2011/02/25 09:28:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony Setup
[2012/11/10 07:32:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
[2012/07/29 12:42:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2011/08/04 13:40:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TomTom
[2011/07/03 20:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Trusteer
[2012/01/22 15:14:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2011/06/17 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer
[2013/06/27 18:26:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/08/23 22:06:36 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2013/06/27 18:26:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2011/08/23 22:06:36 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728

< End of report >

[Chris I]

OTL Extras logfile created on: 30/06/2013 18:37:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.74 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 46.90% Memory free
5.48 Gb Paging File | 3.55 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 216.30 Gb Free Space | 76.16% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CAC260-301F-4D11-B934-776B9FA96B3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{24B4717F-6A01-466C-94E1-C22417634DFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F28F596-E59E-4369-82DF-F02B2A6ED9A5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{388BE453-3D8B-4921-AA2F-86F105231A56}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{42A759C7-D9C3-4676-99B5-A5DDF727EDCB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{457B2574-C163-4F41-9DD7-A937D4C143F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{47E56D74-C9E7-4010-BE7A-66E2A3E43C86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4AE61210-498D-4E4E-91BC-CCAD87373AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{62E5043F-A509-4407-90C2-BBA6E41D3516}" = lport=2869 | protocol=6 | dir=in | app=system |
"{62F0B7C2-61D9-4DAC-806F-665EF79D6A68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{641D5D90-2758-4909-95BF-0822F86AF26A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{65DC20FD-4E8C-455B-9645-665263395987}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{685F990E-85C6-4073-93FA-73AE27338BFB}" = lport=138 | protocol=17 | dir=in | app=system |
"{6C3654CE-0D6E-4071-B665-25EDD94B1E6E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74398DA2-168A-4049-B1DF-AC942D1A2E68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F4E54F3-0D57-4982-A9A5-0DF29A355D28}" = rport=137 | protocol=17 | dir=out | app=system |
"{87C764AB-E5CC-446E-BD57-0EB4C772B5DD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B79C1BC-2C08-440B-A7D0-CE5666759A3E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{8F7ADAB2-F0F0-4508-9499-A23EBEF05B0C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A663D015-7C76-476F-8F0C-E5D201517141}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{ADEBF830-A754-4C05-B5C3-EF8F60ED2B87}" = rport=445 | protocol=6 | dir=out | app=system |
"{B05489EF-BDE4-4C1C-80D1-4A1B8B5C3BFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{B3A743EE-3C69-4FDD-83FD-35682F490365}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{BDEA403B-E633-425D-A1A4-7C75E149B261}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{C9A92253-844D-43D4-ADC4-F7B89CD9D19F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{D9711184-3127-405A-BF83-A3697C716E36}" = lport=445 | protocol=6 | dir=in | app=system |
"{E18D1018-1342-499F-829F-8C75FBB89EA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E694F605-1155-4006-9874-D5E4E3B4F5ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7BFFB1C-66BF-4C96-AF8A-1F1AFD58EF9F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EC143708-9801-43BF-86F8-32BF63276B0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1AF995F-33F3-473B-9779-1F6E70E836C5}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C14F88-E28B-47BA-A70F-6C49F1229E6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A92C142-9D55-4AA9-AB0A-F5F67240A2EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B4E7133-8839-4F6A-B97C-43B5F86660CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C4622AE-071A-4418-96CF-F6FD0C28C0C8}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{1B23A1F5-6108-40CD-B091-DAEB0FE4E965}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{1EB388D1-2150-467A-8AFA-61FD15522962}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{21EC069B-FBA4-4992-AF8D-F5A309DECC39}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{22EE6796-70EE-4CE9-A116-394EB84AC80A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2689BF9F-F5BF-4C8F-B1EA-4A0AEE7CA5EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2882D74A-ECC9-4AD6-8434-57A676F4A430}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{28EC5A82-AE3B-4A2C-B7EA-C41092828F11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2A4BE684-C0A1-4D15-A3C5-9EEBF84A503D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A5A7BBA-ED5B-4550-A719-D0C8F9F9C939}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2AA72683-82A4-43E0-B89F-C603F1A89D31}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{327DCF95-B3CF-4832-B71C-E9F23E3D17E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34FF60E4-0350-4F86-9230-7ABF67333CED}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{3BA9231C-CC02-4C02-BC84-AA3F06E91A47}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3DD965A7-2D38-40C7-A4C9-C300B11B22B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4E29167C-682E-4E41-9548-948321E3D610}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{52CE88EB-C0FF-4F83-890A-3050AAB16C71}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{6110C81F-0396-4F07-A9FE-6494D573697E}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{64C1A3CE-0ACF-4639-8B72-4374F5763A1A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{65BE64FA-DDBA-4115-A160-4EF0B02F458D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67484D94-2F30-4C20-A47A-E2491D49513E}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe |
"{67A51617-FF8C-47A1-9CD2-5B0D05D56469}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6EADCAA7-1525-45BE-9A70-AA0820628ACD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{713BFA57-2D7C-4DBD-8228-670D6F2DB739}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{71B980FA-FA17-4EA1-B2EF-70A593B5420A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{722A644E-2186-4B95-AC98-0F21816154A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{749C554E-8A46-4848-B031-F6E4BEE64957}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AEC57BB-E9FE-4465-9537-0BBC07C6453D}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{8490D0B5-9A97-4D3C-A46F-BFABAB843BEF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8987FFA3-A1E3-460D-A599-72AA8701AA45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B391F1E-62B2-40FE-B6A8-F1704E23640A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EE7CD95-9056-4075-AE98-DAEE732FED03}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9CF4AB10-52DE-4DBD-83C3-9D0A341D95EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3B4686E-122F-4DC2-A060-1C4D8B642E34}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{A5EE201A-8211-4193-8888-D09A715E536C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A83F4070-F5C9-4401-89B9-C20B7BCD4B59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B904F141-D85D-418C-9A2D-20CAC3B4DFFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BA604FDD-58F0-4301-B996-254C2099E883}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BB694722-89FA-4D7D-9FF6-4AF14C0485CA}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{BC084ACA-AAAA-4426-A598-7967A25E1B5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C281F3A5-D8A7-4942-9BF7-E2DFC18CB66D}" = protocol=6 | dir=out | app=system |
"{C30C4E61-1DD1-43E7-AF96-C9ADE3DF875A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C789B16A-A14B-4A6A-BFE9-8DE48114A42F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{C8D6D797-480E-4714-A7A5-B18797DA0C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{CB6491A2-51F8-47BC-BEFF-65BD5B476F28}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{CFBA373D-6D39-4C09-BCF1-160B3D706867}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E00EA35E-3AAE-4F36-8FD1-BC65698FA3E7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0CCA5A6-B70F-49B0-A3D0-FA2C280BBE17}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E31F50D0-EF05-4BDD-BB53-1AF6ED4AD12A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EFA23F14-63FB-4EEE-85F3-5D7C26C2E2F2}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{F4EA7A97-0FDB-4981-8538-81DE08C988D7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F88200B0-688C-41E7-939D-D66574A5230C}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{76181127-FAAA-4020-9186-566F6F1FE858}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A3CB75BB-9907-4B70-91C1-131C9EDEF03D}C:\users\chris\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\spotify\spotify.exe |
"UDP Query User{95296D14-22D5-482A-8D78-8F54D7E2641B}C:\users\chris\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CE636788-D0CB-49C5-92A1-FC46BF5449BE}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.6.4_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BF9702B-52EE-4841-83C4-B5E640B6C97A}" = Media Go
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4F094CE-9B05-FB0C-DD73-A85DE5D8D283}" = Media Go Video Playback Engine 1.92.169.06150
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B08D3D14-098C-4A95-A2BE-A114E36C3A88}" = TuneUp Utilities Language Pack (en-GB)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DPP" = Canon Utilities Digital Photo Professional 3.9
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Fotosizer" = Fotosizer 1.16
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PrintProjects" = PrintProjects
"Rapport_msi" = Rapport
"RealPlayer 16.0" = RealPlayer
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Update Engine" = Sony Ericsson Update Engine
"WFTK" = Canon Utilities WFT Utility
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1121932470-416344675-206018667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3580738410.go.sky.com" = Sky Go Desktop
"Dropbox" = Dropbox
"Spotify" = Spotify
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/06/2013 13:07:07 | Computer Name = Chris-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 24/06/2013 13:07:09 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EKAiOHostService.exe, version: 7.6.10.0,
time stamp: 0x5049625e Faulting module name: EKAiOHostService.exe, version: 7.6.10.0,
time stamp: 0x5049625e Exception code: 0xc0000005 Fault offset: 0x0000b6b2 Faulting
process id: 0x7a4 Faulting application start time: 0x01ce70ee32891b7d Faulting application
path: C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe Faulting module
path: C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe Report Id: 80d2fc34-dcf0-11e2-a715-ce4619433938

Error - 25/06/2013 13:25:07 | Computer Name = Chris-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/06/2013 13:25:07 | Computer Name = Chris-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/06/2013 13:25:07 | Computer Name = Chris-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25/06/2013 13:38:16 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.67:5353 18 67.1.168.192.in-addr.arpa.
PTR Chris-PC-2.local.

Error - 25/06/2013 13:38:16 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 67.1.168.192.in-addr.arpa.
PTR Chris-PC.local.

Error - 27/06/2013 13:26:38 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.72:5353 18 72.1.168.192.in-addr.arpa.
PTR Chris-PC-2.local.

Error - 27/06/2013 13:26:38 | Computer Name = Chris-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 72.1.168.192.in-addr.arpa.
PTR Chris-PC.local.

Error - 27/06/2013 13:27:58 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
stamp: 0x4f35fc1d Faulting module name: tcpmon.dll, version: 6.1.7600.16385, time
stamp: 0x4a5be082 Exception code: 0xc0000005 Fault offset: 0x00000000000066ed Faulting
process id: 0x610 Faulting application start time: 0x01ce7355975856d7 Faulting application
path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\System32\tcpmon.dll
Report
Id: e863e496-df4e-11e2-b5a4-ce4619433938

[ System Events ]
Error - 26/06/2013 15:17:49 | Computer Name = Chris-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 26/06/2013 15:17:55 | Computer Name = Chris-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 9 Processor ID: 0 The details view of this entry contains
further information.

Error - 27/06/2013 12:44:28 | Computer Name = Chris-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 27/06/2013 12:44:34 | Computer Name = Chris-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 9 Processor ID: 0 The details view of this entry contains
further information.

Error - 27/06/2013 16:33:59 | Computer Name = Chris-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 27/06/2013 16:34:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
Rapid Storage Technology service to connect.

Error - 27/06/2013 16:34:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The Intel(R) Rapid Storage Technology service failed to start due
to the following error: %%1053

Error - 27/06/2013 16:34:42 | Computer Name = Chris-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 9 Processor ID: 0 The details view of this entry contains
further information.

Error - 30/06/2013 13:12:22 | Computer Name = Chris-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 30/06/2013 13:12:31 | Computer Name = Chris-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 9 Processor ID: 0 The details view of this entry contains
further information.


< End of report >

[ken545]

Hello Chris,

Now where on the same page


aswMBR checks for rootkit type of infections , the log looks fine and since you have not said your being redirected to other sites we can rule that out.

DDS and OTL check for startup entries and new files being installed and there really is nothing malwarewise jumping out at me. In your extras log I do see an error with your WLAN.


Lets run this quick fix with OTL, it will clean out all your temp files that may be clogging your system up, it will reset your host file and flushout your DNS cache, nothing serious, just some house cleaning

Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  
  Code:

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

After it reboots and you post the log, lets do this. Turn off your computer, turn off your router , turn off your cable modem and let them sit for about 5 minutes to reset. You can do the router and modem by just unplugging the power code. Then plug back in your modem, wait until all the lights are on, then plug back in your router, again wait until its fully loaded, then turn your computer back on and do some surfing to the sites you had problems with before and lets see if this makes a difference

[Chris I]

Computer is definitely quicker, still some issues with initial start up on the internet, but in the main lots better. Thanks

OTL log;
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Desktop\cmd.bat deleted successfully.
C:\Users\Chris\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 118103 bytes
->Temporary Internet Files folder emptied: 198524659 bytes
->Java cache emptied: 154909 bytes
->FireFox cache emptied: 229210739 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 6232 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134491921 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95336 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 538.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06302013_200826

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF16044AE41A43F0AC.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF3C768865E8696A63.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF58D3E89EC7ADD868.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DF7D1B03FAF6E4C269.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DFA4FC2DCDD2C9D994.TMP not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\~DFC82456822A2EC22A.TMP not found!
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Chris\AppData\Local\Trusteer\Rapport\user\logs\gp_IEXPLORE.1892.log moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Chris\AppData\Local\Trusteer\Rapport\user\logs\gp_IEXPLORE.3152.log moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Chris\AppData\Local\Trusteer\Rapport\user\logs\koan.1892.log moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Chris\AppData\Local\Trusteer\Rapport\user\logs\koan.3152.log moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Chris\AppData\Local\Trusteer\Rapport\user\logs\koanlight.1892.log moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Chris\AppData\Local\Trusteer\Rapport\user\logs\koanlight.3152.log moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EJJIC83P\showthread[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\temp\wbxtra_06302013_181223.wbt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[ken545]

Did you go and reset the router and modem ? What browser are you using to access the internet ?

[Chris I]

Yes, did that. Using internet explorer. It is loads better, thanks.

[ken545]

We can reset it to factory defaults if you think it needs it

Open IE and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Setting > Reset....may take a minute or two, when its done, close IE .....reboot and give it another try and see if it made any difference