Trojan Removal Attempt has broke computer - help!



#1
DaveFoxall

Rshaffer61 has been very kind to help me up to this point HERE. He advised me to run OTL and come here asking for help. I have the two .txt files available should you need to look at them; any advice would be massively appreciated. Thanks in advance.

EDIT: Figured you were bound to need these anyway?

OTL.TXT

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 83.57% Memory free
4.84 Gb Paging File | 4.42 Gb Available in Paging File | 91.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 100.62 Gb Free Space | 67.51% Space Free | Partition Type: NTFS
Drive D: | 1.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-A3BBC481A3 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 14:13:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/05 13:34:56 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/12/05 13:34:56 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/01/17 20:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 20:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/11 17:35:02 | 000,103,936 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 11:09:15 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ws2ifsl.dll -- (wudfsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SANDRA.dll -- (windowblinds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JRAID.dll -- (WavxDMgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JavaQuickStarterService.dll -- (was)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATMsg.dll -- (VX3000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pinnacleupdatesvc.dll -- (vwkernel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p1131vid.dll -- (VRADFIL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EMATCORE.dll -- (vpcusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scan.dll -- (vmsprog)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pimsgss.dll -- (vmparport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysaudio.dll -- (Video3D)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siskp.dll -- (UsbDiag)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PGPdisk.dll -- (usbatapi2000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\datunidr.dll -- (tdrpman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvpvrmon.dll -- (sskbfd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sandrathesrv.dll -- (ss_mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\puscsrvc.dll -- (sqlagent$sony_mediamgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mohfilt.dll -- (slapd-data52)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\omnidrv.dll -- (rvsinst)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SecureStorageService.dll -- (RTLE8023xp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctac32k.dll -- (RivaTuner32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GBDevice.dll -- (rimmptsk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ca-messagequeuing.dll -- (retrolauncher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eSettingsService.dll -- (portio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wudfpf.dll -- (pnmsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mqdmmdm.dll -- (nv4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmdmpmsp.dll -- (nod32krn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZD1211BU(ZyDAS).dll -- (NetwareWorkstation)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nalntservice.dll -- (motoswitchservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\QPSched.dll -- (MagicTune)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imountsrv.dll -- (LRMINIPORT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w200bus.dll -- (KR10I)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sony_ssm.sys.dll -- (IWCA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (hsxhwazl)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amdagp.dll -- (fallback)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmdmpmsn.dll -- (Eplpdx02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sentinelprotectionserver.dll -- (DSXUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SetupNT.dll -- (cvintdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PciBus.dll -- (CTAUDFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Anydlc.dll -- (CDRPDACC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnslea.dll -- (aswrdr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mgisvr.dll -- (alertservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scramby.dll -- (AffinegyService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\V0080Dev.dll -- (AF15BDA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\admjoy.dll -- (aegisp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tm_cfw.dll -- (acdpowerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{a7447300-8075-4b0d-83f1-3d75c8ebc623}.dll -- (6to4)
SRV - [2012/04/14 09:57:09 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/05 13:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/02/11 17:35:02 | 000,103,936 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/01/18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2012/01/18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/10/13 13:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011/10/13 13:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011/10/13 13:06:14 | 000,045,240 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/03/11 13:00:56 | 000,010,520 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2010/02/10 13:09:54 | 000,090,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2010/02/09 05:56:14 | 000,222,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/06/13 16:24:14 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/01/08 21:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atikmdag.sys -- (R300)
DRV - [2006/04/01 21:31:52 | 003,856,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/22 20:28:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/22 20:28:24 | 000,000,000 | ---D | M]

[2011/12/14 17:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/12/14 17:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]
[2011/12/14 17:09:25 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABCBFDE-9B65-47E3-B370-E3BCD7290726}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 20:39:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - K:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/16 05:58:13 | 000,000,049 | R--- | M] () - K:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c77b7956-2657-11e1-a41a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c77b7956-2657-11e1-a41a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c77b7956-2657-11e1-a41a-806d6172696f}\Shell\AutoRun\command - "" = K:\Autorun.exe -- [2011/09/16 08:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{d86a2dee-6e96-11e1-a439-001e0ba7f304}\Shell - "" = AutoRun
O33 - MountPoints2\{d86a2dee-6e96-11e1-a439-001e0ba7f304}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d86a2dee-6e96-11e1-a439-001e0ba7f304}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 16:14:40 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/05/01 15:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\backup
[2012/05/01 15:10:33 | 000,000,000 | ---D | C] -- C:\archive_db
[2012/05/01 15:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\restore
[2012/05/01 15:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2012/05/01 15:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\launcher
[2012/05/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012/05/01 15:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012/05/01 13:19:24 | 001,940,656 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\user\Desktop\RegCureSetup_RW.exe
[2012/05/01 10:37:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/04/30 22:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2012/04/30 22:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/30 21:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/04/30 17:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IObit
[2012/04/30 17:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/04/30 15:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2012/04/30 15:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\.thumbnails
[2012/04/30 14:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\.gimp-2.6
[2012/04/30 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\gegl-0.0
[2012/04/30 14:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2012/04/30 14:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2012/04/30 12:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/30 12:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/30 12:07:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/04/30 12:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Smart Fortress 2012
[2012/04/30 12:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4D562BF0000A21B6A50EF58D151FC4E
[2012/04/18 08:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\PMB Files
[2012/04/18 08:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/04/18 08:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012/04/16 13:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/04/16 13:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/16 13:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Championship Manager 01-02
[2012/04/15 10:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.72
[2012/04/15 10:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\DOSBox-0.72
[2012/04/06 20:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/04/03 18:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Scans
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/01 16:12:49 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/01 16:12:49 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/01 16:10:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/01 16:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/01 15:57:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/01 15:09:17 | 000,002,116 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
[2012/05/01 14:13:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/05/01 11:16:28 | 001,940,656 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\user\Desktop\RegCureSetup_RW.exe
[2012/05/01 09:40:19 | 000,004,990 | ---- | M] () -- C:\Documents and Settings\user\Application Data\wklnhst.dat
[2012/04/30 22:12:11 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/30 22:04:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/30 18:36:55 | 000,270,851 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/30 17:53:15 | 000,020,276 | ---- | M] () -- C:\Documents and Settings\user\.recently-used.xbel
[2012/04/30 16:55:26 | 096,691,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/30 14:51:51 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2012/04/30 09:22:11 | 000,231,662 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Agricola scoresheet.bmp
[2012/04/12 03:07:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/01 15:09:17 | 000,002,116 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
[2012/04/30 17:53:15 | 000,020,276 | ---- | C] () -- C:\Documents and Settings\user\.recently-used.xbel
[2012/04/30 14:51:51 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2012/04/30 12:06:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/30 09:22:11 | 000,231,662 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Agricola scoresheet.bmp
[2012/04/12 07:30:46 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/15 06:36:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/12 23:28:10 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/11/22 20:19:22 | 000,206,223 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/11/22 20:19:22 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2011/11/22 20:15:26 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\user\Application Data\wklnhst.dat
[2011/11/22 20:13:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/22 15:26:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/11/22 15:25:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011/11/22 15:25:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/11/22 15:25:26 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/11/15 21:07:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\atiumdva.dat
[2011/11/15 21:07:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\atitmmxx.dll
[2011/11/15 20:59:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/14 18:25:45 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 20:55:38 | 000,144,357 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/11/09 20:42:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 20:35:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 20:25:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 20:24:36 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/19 10:26:20 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/26 07:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

========== LOP Check ==========

[2012/04/30 22:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/01 15:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
[2011/11/13 23:09:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/06 20:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/11/14 20:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/05/01 15:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2012/04/30 12:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D562BF0000A21B6A50EF58D151FC4E
[2012/01/04 10:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/04/30 21:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/05/01 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2012/04/30 16:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/22 20:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012/04/18 08:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/12/12 23:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/05/01 15:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\restore
[2011/12/14 17:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/11/13 23:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012
[2012/04/30 16:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2012/04/30 17:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
[2012/01/04 23:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2011/11/23 11:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/11/22 20:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Origin
[2011/12/12 23:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Research In Motion
[2012/04/30 13:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spotify
[2011/12/14 17:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TomTom

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB30958$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\user\My Documents\Warhammer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\user\My Documents\Ruffdogs Docs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\user\My Documents\Blood Bowl:Roxio EMC Stream

< End of report >



EXTRAS.TXT

OTL Extras logfile created on: 01/05/2012 16:15:05 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 83.57% Memory free
4.84 Gb Paging File | 4.42 Gb Available in Paging File | 91.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 100.62 Gb Free Space | 67.51% Space Free | Partition Type: NTFS
Drive D: | 1.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-A3BBC481A3 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files\UMPlayer\umplayer.exe" -play-dir "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57666:TCP" = 57666:TCP:*:Enabled:Pando Media Booster
"57666:UDP" = 57666:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57666:TCP" = 57666:TCP:*:Enabled:Pando Media Booster
"57666:UDP" = 57666:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\Program Files\HydraIRC\HydraIRC.exe" = C:\Program Files\HydraIRC\HydraIRC.exe:*:Enabled:HydraIRC -- (Hydra Productions)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"E:\Program Files\Skype\Phone\Skype.exe" = E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Documents and Settings\user\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\user\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Cryptic Studios\Star Trek Online\Live\GameClient.exe" = C:\Program Files\Cryptic Studios\Star Trek Online\Live\GameClient.exe:*:Enabled:GameClient


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18E893B6-28F0-495B-8448-AC40F4496728}" = Broadcom Management Programs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{636F5444-8C7C-40C6-A89B-A1D2F01DC7F6}" = ATI Catalyst Control Center
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1" = Free Video Cutter 1.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F26DE123-C491-4D8C-BC86-FDF604F00226}" = Broadcom NetXtreme Ethernet Controller
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HydraIRC" = HydraIRC
"ie8" = Windows Internet Explorer 8
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"Shop for HP Supplies" = Shop for HP Supplies
"TomTom HOME" = TomTom HOME 2.8.3.2458
"UMPlayer" = UMPlayer 0.98 [Athlon]
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smart Fortress 2012" = Smart Fortress 2012
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/05/2012 05:55:03 | Computer Name = USER-A3BBC481A3 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 01/05/2012 08:15:26 | Computer Name = USER-A3BBC481A3 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 01/05/2012 08:38:31 | Computer Name = USER-A3BBC481A3 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 01/05/2012 09:51:26 | Computer Name = USER-A3BBC481A3 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Administrator\Desktop\br_free.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 01/05/2012 09:55:37 | Computer Name = USER-A3BBC481A3 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 01/05/2012 10:25:56 | Computer Name = USER-A3BBC481A3 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 01/05/2012 10:27:58 | Computer Name = USER-A3BBC481A3 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 01/05/2012 10:32:03 | Computer Name = USER-A3BBC481A3 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 01/05/2012 10:47:03 | Computer Name = USER-A3BBC481A3 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 01/05/2012 11:08:11 | Computer Name = USER-A3BBC481A3 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 01/05/2012 08:13:05 | Computer Name = USER-A3BBC481A3 | Source = ati2mtag | ID = 43041
Description =

Error - 01/05/2012 08:16:51 | Computer Name = USER-A3BBC481A3 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 01/05/2012 08:16:51 | Computer Name = USER-A3BBC481A3 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 01/05/2012 08:16:51 | Computer Name = USER-A3BBC481A3 | Source = Service Control Manager | ID = 7023
Description = The Msmframework service terminated with the following error: %%126

Error - 01/05/2012 08:16:51 | Computer Name = USER-A3BBC481A3 | Source = Service Control Manager | ID = 7023
Description = The RIOXDRV service terminated with the following error: %%126

Error - 01/05/2012 09:46:28 | Computer Name = USER-A3BBC481A3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 01/05/2012 09:52:08 | Computer Name = USER-A3BBC481A3 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 01/05/2012 09:57:02 | Computer Name = USER-A3BBC481A3 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 01/05/2012 09:57:02 | Computer Name = USER-A3BBC481A3 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 01/05/2012 09:57:02 | Computer Name = USER-A3BBC481A3 | Source = Service Control Manager | ID = 7023
Description = The Msmframework service terminated with the following error: %%126


< End of report >

Edited by DaveFoxall, 01 May 2012 - 07:50 AM.

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Your Event log says that tcpip is not working. Let's try a few easy things and maybe we will get lucky. We can work on the slowness after we get it back on line.

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

notepad  

(When notepad comes up, type:)

127.0.0.1 (hit the tab button then type) localhost (hit Enter)

It should look like this:

127.0.0.1     localhost

Now do File, Save As, "\windows\system32\drivers\etc\hosts" , OK  (Make sure you put the quotes around the file name or it won't work.  Now go back to your Command Prompt window)

netsh  winsock  reset  catalog

netsh  int  ip  reset  \reset.log


(I use two spaces in the code box so you can see where a space goes.)

Reboot.

If it still doesn't work then:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sub-entry under Network Adapters and Uninstall (if it will let you). (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test. If it still doesn't work:

Do you have the file:

C:\WINDOWS\inf\nettcpip.inf

If so, back up your registry:

http://pcsupport.abo...backupxpreg.htm

Then see if you can follow the steps in the Hardcore method when nothing else is working section on

http://smokeys.wordpress.com/2008/07/20/how-to-recover-a-really-dead-windows-xp-sp2sp3-tcpip-stack/

  • 0

#3
DaveFoxall

    Member

  • Topic Starter
  • 36 posts
Firstly, thanks for the reply.

Method one I followed, entered the command 'netsh winsock reset catalog' and it gave an error message.

So I tried method two, and it found the same device, reinstalled it, but still wouldn't connect with the same error about the TCPIP.

For method three, I backed up the registry successfully but my computer doesn't have the folder \INF within C:\Windows, and there was no nettcpip.inf anywhere on the computer? I looked at that link too and the first step involved a Windows XP Installation disc, which unfortunately I don't have seeing as it was delivered preinstalled.


So I came to reply and let you know I'd tried everything you suggested and to see if there was anything else you could think of, and resubmitted the 'netsh winsock reset catalog' command so I could copy down the exact error message, only this time it said it had done it successfully and to restart the computer. So I did, and...

...it still does nothing.

When I go to view the connection in My Network Connections it shows as
Local Area Connection 3
Connected
Broadcom NetXtreme Gigabit Ethernet

Under General and Activity it shows 0 packets sent and received, and under support and repair, it returns the error,
"Windows could not finish repairing the problem because the following action could not be completed:
Failed to query TCP/IP settings of the connection. Cannot proceed.
For assistance, contact the person who manages your network."


Any further suggestion bar finding an XP Home installation CD and restarting everything?
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
I don't think it would boot at all without an inf folder so it is probably a hidden, system folder so you need to tell windows to let you see it:

Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

If you don't have the nettcpip.inf I can send you one but you will need to use another computer to download it and save it to a usb drive or CD.

Let's see which services are running:

Start, Run, cmd, OK then type with an Enter after each line.

sc start tcpip

sc start dhcp

sc start dnscache

sc start afd

sc start netbt



Do any of them say the service is already running?
  • 0

#5
DaveFoxall

    Member

  • Topic Starter
  • 36 posts
Thanks for the further help! Very much appreciated.

Followed the guide, found the \INF folder, there is no netcpip.inf in it, but there were a lot of similarly (not identically) named files.

Tried all those commands:

sc start tcpip:
"[SC] StartService FAILED 1075:
The dependancy service does not exist or has been marked for deletion."

sc start dhcp
"[SC] StartService FAILED 1068:
The dependancy service does not exist or has been marked for deletion."

sc start dnscache
"[SC] StartService FAILED 1068:
The dependancy service does not exist or has been marked for deletion."

sc start afd
"[SC] StartService FAILED 1056:
An instance of the service is already running."

sc start netbt
"[SC] StartService FAILED 1056:
An instance of the service is already running."
  • 0

#6
DaveFoxall

    Member

  • Topic Starter
  • 36 posts

If you don't have the nettcpip.inf I can send you one but you will need to use another computer to download it and save it to a usb drive or CD.


Forgot to clarify this, the desktop with the problem has no access to the net, but can still access all its drives, so I've been using my laptop to communicate and can transfer data between the two via USB stick no problems. Which is how I've managed to get screenshots, copies of the .txt files and downloaded programs onto the desktop.
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
See next post
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Previous post has the nettcpip.inf file attached in zip format. Download, Save, right click on it and Extract All. Copy the nettcpip.inf file to c:\windows\inf\

I'm also attaching a file called XP.zip. Download and Save it too. If you right click on it and Extract All you will find a bunch of .reg files which may come in handy later or you can try them first. Just right click on each and Merge. These replace the critical network services. Not as good as nettcpip.inf but they are simpler to use and might help. After you Merge all of them, reboot and then run your sc checks again and see if anything has started working.
  • 0

#9
DaveFoxall

    Member

  • Topic Starter
  • 36 posts
OK, turns out I did have that nettcpip file, my bad, sorry...

(Replaced it with yours anyway, "just in case")

Did all those merges, restarted, and re-tried each of the commands, results were...

sc start tcpip
"[SC] StartService FAILED 1068:
The dependency service or group failed to start."
(Different to last time)

sc start dhcp
"[SC] StartService FAILED 1068:
The dependency service or group failed to start."
(Different to last time)

sc start dnscache
"[SC] StartService FAILED 1068:
The dependency service or group failed to start."
(Different to last time)

sc start afd
"[SC] StartService FAILED 1056:
An instance of the service is already running."
(Same as before)

sc start netbt
"[SC] StartService FAILED 1056:
An instance of the service is already running."

(Same as before)
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
What does

sc start ipsec

say?
  • 0


#11
DaveFoxall

    Member

  • Topic Starter
  • 36 posts
[SC] StartService FAILED 2:
The system cannot find the file specified.
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
See next post
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
The previous post has ipsec.zip attached. (I uploaded it directly from my XP netbook but I hate to type on it.) Download and Save and right click and Extract All then copy the ipsec.sys file to \windows\system32\drivers\

That should be the file it is looking for. Then try the

sc start ipsec

again. What does it say now?
  • 0

#14
DaveFoxall

    Member

  • Topic Starter
  • 36 posts
SERVICE_NAME: ipsec
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :



Still no connectivity though.
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Try

sc start tcpip
sc start dhcp
sc start dnscache
  • 0
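
Added example, not part of any post in this thread: a read-only batch file for the XP command prompt that checks the services tested above without trying to start them. It shows whether each driver file is present (the error 2 case seen with ipsec) and what `sc query` and `sc qc` report for state, binary path and dependencies (the 1068/1075 cases). The four driver file names are the standard XP ones and are an assumption here; only ipsec.sys is named in the thread.

```batch
@echo off
rem Added example (not from the thread): inspect the network services
rem checked above without starting or changing anything.
rem Assumption: the four kernel drivers use the standard XP file names below.
rem dhcp and dnscache run inside svchost.exe, so they have no .sys file here.
setlocal

echo --- Driver files in %SystemRoot%\system32\drivers ---
for %%F in (ipsec.sys tcpip.sys afd.sys netbt.sys) do (
    if exist "%SystemRoot%\system32\drivers\%%F" (
        echo   present  %%F
    ) else (
        echo   MISSING  %%F   ^(sc start reports error 2 for a missing driver file^)
    )
)

for %%S in (ipsec tcpip afd netbt dhcp dnscache) do call :show %%S
endlocal
goto :eof

:show
echo.
echo ===== %1 =====
rem sc query prints STATE for a registered service, or FAILED 1060 when the
rem service is not installed at all.
sc query %1 | findstr /C:"STATE" /C:"FAILED"
rem sc qc prints the stored configuration. DEPENDENCIES can span several
rem lines, so the whole output is shown rather than filtered.
sc qc %1
goto :eof
```

Read the DEPENDENCIES lines from the bottom of the chain upward: a service that reports 1068 cannot start until every service listed there is in the RUNNING state.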





