Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Worm False Positive?

Started by 67mopar , Aug 13 2012 04:58 PM

  • Please log in to reply

#1
67mopar
Posted 13 August 2012 - 04:58 PM

67mopar

    Member

  • Member
  • PipPipPip
  • 202 posts
HI All, can someone please verify this as good bad or ugly, I know avg has alot of false positives and it did not show up on any of my other scans. thank you Vista , lg laptop,


"C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_55e74765\igfxsrvc.exe";"Virus identified Worm/Generic2.CEAF";"Infected"


This is from avg free, I cant seem to access it Is it truly a bad or corrupt file?? thanks Dean
  • 0

Advertisements

#2
Gammo
Posted 17 August 2012 - 12:31 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi Dean,

It's impossible to tell if the detection is a false positive or not, with the information your provided. It looks like a false positive to me, but more investigation is required.

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • In the File name box, type, or copy and paste the following and click Open: NOTE.. Only one file per scan
  • C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_55e74765\igfxsrvc.exe
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button and wait for the reply.
  • Copy and paste the Virustotal link(s) (URL) in your next reply

  • 0

#3
67mopar
Posted 23 August 2012 - 06:05 AM

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
Hi I just got my computer back, sorry for the delay. when I follow the directions, I get an error message saying I cant open the file and that I need permission and or an administrator to open this file. This has happened before and I dont know how to give myself admin permission, even thoughI am the sole ownwer of this computer. Can you help me with that so I can check out this file, as I did get far enough to get another virus warning. Thanks, Dean
  • 0

#4
Gammo
Posted 23 August 2012 - 06:33 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Can you create a .ZIP file of the folder (C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_55e74765)?





We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

  • 0

#5
67mopar
Posted 23 August 2012 - 07:18 AM

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
OTL Extras logfile created on: 08/23/2012 8:34:50 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.71% Memory free
6.18 Gb Paging File | 4.83 Gb Available in Paging File | 78.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 21.84 Gb Free Space | 19.71% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2016988935-2323152099-3380971846-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023D56C9-F4E3-419F-89BC-CA06ABB38B2E}" = lport=445 | protocol=6 | dir=in | app=system |
"{03BDE59D-7D50-4AFC-86DF-7CBFAA11706D}" = lport=137 | protocol=17 | dir=in | app=system |
"{1314D835-A6BE-44B9-94CF-6502645F7614}" = rport=445 | protocol=6 | dir=out | app=system |
"{349ADF90-A20F-481E-9234-E9C2DB667A8E}" = lport=138 | protocol=17 | dir=in | app=system |
"{36F24785-4336-4184-8512-6DCE1C021D8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3886C711-CA38-42A9-9356-E0F96BBFF46C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{4C7E5A07-79C9-4FAE-B1C1-5E4E695F523E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{56C9CBD2-149E-4AAC-BEB7-200D36354248}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5939D1AF-F375-4C31-95FF-F48934E2F3D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{61E7365A-CFDE-4A7D-8906-F1BFBD4C8F9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7016D08B-7F47-4EF7-AF60-9E50E931DF1A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{896B4593-8AF7-4995-BA79-6F076C0C7854}" = rport=138 | protocol=17 | dir=out | app=system |
"{D06F8D68-6B68-4553-8852-02B1272C5F1D}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD16DCB1-436B-409C-8B19-0F6CE69A7ED6}" = rport=137 | protocol=17 | dir=out | app=system |
"{E282B21E-5825-40E3-9C03-902FED72F9F2}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{207D8DDD-4ACF-4F77-B707-35A7D9103E45}" = protocol=1 | dir=out | [email protected],-28544 |
"{3E23BB9E-81E4-473C-94ED-00868BBF0C9D}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{4A72BBAE-495B-46D6-A5B1-66EAB38A0D77}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{60112BA6-3533-4DA8-94A3-65433642EFEB}" = dir=in | app=c:\program files\hp\digital imaging\{fa0f0a01-4631-4161-a6c2-948bf694382e}\setup\hpznui01.exe |
"{79AC70F9-A6A7-4A02-8800-1D56EDD85B56}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{7CB8280A-BD55-4375-ABC1-C1F5CBC6ACE5}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{845A58C0-98D2-4E11-8DBE-CCB98FEF8D8D}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{889DA711-718F-4AA6-859C-2EC1EBEAB3E0}" = protocol=1 | dir=in | [email protected],-28543 |
"{9762F7AF-5239-4BA2-966C-52809AEB2F51}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{A26C99A7-41AE-41DD-8CDA-7161C3AB0526}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AD33DF4A-2D8D-42C5-A658-CD8C80053849}" = protocol=58 | dir=out | [email protected],-28546 |
"{CDDECADB-DA45-4240-AA89-6F12AE89A3BF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D41766AA-4930-4930-B51E-7BA2245C7BE7}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{D5DF7877-D104-409A-A480-7CA4E60EC516}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{D8156819-D329-4FD2-AFA6-52C623202702}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{DB7257D9-FE78-40EB-9652-8EE6F3759C11}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{DF0CAED7-AE52-42A6-8C5F-50C5110897FD}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{85B34B50-D21C-4D1A-ABCA-AC7CE0A52BE3}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{A1108EED-1112-4065-8443-AC9DA49ABCD7}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{FCB842B1-310A-4A4E-8558-3439C52F1D39}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{FD63667A-9D93-4874-B643-52FACAE2B9C2}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.23
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48C10E3C-A04F-4ED0-82AF-609CC5DE0F5D}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{785F267D-DC33-4404-83ED-7B0CD5E63474}" = Bluesoleil3.1.0.2 Release 070119
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-03-17
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM Toolbar" = AIM Toolbar 5.0
"Ares" = Ares 2.1.7
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"ESET Online Scanner" = ESET Online Scanner v3
"EzManual" = EzManual
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstaCodecs_is1" = InstaCodecs
"Lexmark 3400 Series" = Lexmark 3400 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft PhotoDraw 2000" = Microsoft PhotoDraw 2000
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2016988935-2323152099-3380971846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/22/2012 1:09:36 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.6.2.3173, time stamp 0x4e1b6f92,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x000677b4, process id 0x15e0, application start time
0x01cd5099c7e47930.

Error - 06/22/2012 1:09:36 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x170c, application
start time 0x01cd5099c7e6ea30.

Error - 06/27/2012 8:28:33 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module libavcodec.dll, version 0.0.0.0, time stamp 0x494bc8bf,
exception code 0xc0000005, fault offset 0x000efbb8, process id 0x15c0, application
start time 0x01cd54c4e980ada0.

Error - 06/27/2012 8:29:03 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x928, application
start time 0x01cd54c4f59a8480.

Error - 06/27/2012 8:29:05 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x1608, application
start time 0x01cd54c5066f4b60.

Error - 06/27/2012 8:29:10 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x11c0, application
start time 0x01cd54c5084c21b0.

Error - 06/27/2012 8:29:13 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x141c, application
start time 0x01cd54c50a9b8ff0.

Error - 06/28/2012 8:57:14 AM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 120.0.194.0, time stamp
0x48f7eb0d, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc00000fd, fault offset 0x0004495d, process id 0x17d4, application
start time 0x01cd53a9cd9ed790.

Error - 07/09/2012 6:36:38 PM | Computer Name = dad-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e,
exception code 0xc0000005, fault offset 0x001328f0, process id 0xa78, application
start time 0x01cd49fff2b7cf7f.

Error - 07/09/2012 6:47:53 PM | Computer Name = dad-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dcc Start Time: 01cd5e24bc4ef953 Termination Time: 12

Error - 07/09/2012 7:14:42 PM | Computer Name = dad-PC | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 04/29/2009 11:54:58 PM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 05/16/2009 3:38:27 PM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 3:37:44 PM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/13/2009 3:41:43 PM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/05/2009 6:51:49 AM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/24/2009 6:58:43 AM | Computer Name = dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 08/13/2012 1:33:38 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 08/13/2012 1:36:06 PM | Computer Name = dad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08/13/2012 1:54:55 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 08/13/2012 1:55:08 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 08/22/2012 2:45:52 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 08/22/2012 2:46:03 PM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 08/22/2012 2:47:41 PM | Computer Name = dad-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 08/22/2012 2:47:41 PM | Computer Name = dad-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 08/23/2012 5:17:35 AM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 08/23/2012 5:17:46 AM | Computer Name = dad-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >
OTL logfile created on: 08/23/2012 8:34:50 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 51.71% Memory free
6.18 Gb Paging File | 4.83 Gb Available in Paging File | 78.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.78 Gb Total Space | 21.84 Gb Free Space | 19.71% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/23 08:34:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\dad\Downloads\OTL.exe
PRC - [2012/08/22 16:28:11 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/08/08 12:13:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/02 16:36:58 | 000,096,768 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/10/18 09:15:22 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/28 08:46:53 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 08:46:48 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/28 08:46:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/11 02:28:05 | 000,735,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/20 06:28:56 | 000,537,264 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/22 16:28:11 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/08/08 12:13:53 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- -- (0050841232311355mcinstcleanup)
SRV - [2012/08/22 16:28:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 20:29:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/02 16:36:58 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011/09/21 17:44:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/28 08:46:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/20 06:28:56 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aytxxgwp)
DRV - [2011/09/21 17:44:21 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/21 17:44:21 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/02 09:10:08 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/04/29 10:14:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/30 01:39:44 | 000,384,576 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV - [2009/10/30 01:39:44 | 000,039,488 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
DRV - [2009/08/28 08:46:53 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 08:46:53 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/01 09:10:12 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/01/13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/27 01:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/08/22 12:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007/08/15 10:49:48 | 000,552,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/03 11:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 17:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2006/12/28 12:05:10 | 000,033,936 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/22 14:41:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)
DRV - [2006/11/22 14:40:50 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006/11/22 14:40:34 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2006/11/22 14:40:20 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2006/11/22 14:40:02 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2006/11/22 14:39:14 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2006/11/22 14:39:00 | 000,034,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2000/11/15 10:32:38 | 000,002,204 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UNINST2K.SYS -- (UNINST2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1098640


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\..\SearchScopes,DefaultScope = {CC8A5FCB-415E-48BB-8538-E0D44D221918}
IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=TB50TRie7
IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\..\SearchScopes\{CC8A5FCB-415E-48BB-8538-E0D44D221918}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/05/02 18:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/07/09 19:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/08 12:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/06 10:01:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/07/09 19:35:01 | 000,000,000 | ---D | M]

[2011/08/19 09:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Extensions
[2012/05/01 20:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\bph0mqab.default\extensions
[2009/03/07 18:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/02 18:41:03 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012/08/08 12:13:54 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 19:58:26 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 19:58:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/08 12:13:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/08 12:13:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/10 07:23:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2016988935-2323152099-3380971846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71072450-D442-48B7-81A4-9E5509574C1E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 14:55:16 | 000,000,000 | ---D | C] -- C:\Users\dad\AppData\Roaming\YourFileDownloader
[13 C:\Users\dad\Desktop\*.tmp files -> C:\Users\dad\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/23 08:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/23 08:14:04 | 062,996,499 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/08/23 07:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/23 07:19:57 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 07:19:57 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 05:19:52 | 000,377,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/23 05:17:48 | 3212,087,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 15:46:36 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/13 15:31:27 | 000,001,680 | ---- | M] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/08/11 16:18:22 | 000,325,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/11 16:18:22 | 000,210,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[13 C:\Users\dad\Desktop\*.tmp files -> C:\Users\dad\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/13 15:46:36 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/13 15:31:27 | 000,001,680 | ---- | C] () -- C:\Users\dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2012/07/09 18:51:44 | 000,186,577 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012/07/09 14:22:55 | 000,185,613 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012/06/26 10:40:57 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011/11/04 13:36:02 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcyserv.dll
[2011/11/04 13:36:02 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcyusb1.dll
[2011/11/04 13:36:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcyhbn3.dll
[2011/11/04 13:36:02 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcycomc.dll
[2011/11/04 13:36:02 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcypmui.dll
[2011/11/04 13:36:02 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcylmpm.dll
[2011/11/04 13:36:02 | 000,537,264 | ---- | C] ( ) -- C:\Windows\System32\lxcycoms.exe
[2011/11/04 13:36:02 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcycomm.dll
[2011/11/04 13:36:02 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcyinpa.dll
[2011/11/04 13:36:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcyiesc.dll
[2011/11/04 13:36:02 | 000,385,712 | ---- | C] ( ) -- C:\Windows\System32\lxcyih.exe
[2011/11/04 13:36:02 | 000,381,616 | ---- | C] ( ) -- C:\Windows\System32\lxcycfg.exe
[2011/11/04 13:36:02 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcyhcp.dll
[2011/11/04 13:36:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcyinst.dll
[2011/11/04 13:36:02 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcyprox.dll
[2011/11/04 13:36:02 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcypplc.dll
[2011/06/29 11:09:10 | 000,000,008 | ---- | C] () -- C:\Users\dad\BankSelectOrder.pm
[2011/02/26 12:26:47 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/09/16 10:47:49 | 000,000,680 | ---- | C] () -- C:\Users\dad\AppData\Local\d3d9caps.dat
[2008/09/16 10:26:45 | 000,026,112 | ---- | C] () -- C:\Users\dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/03/24 20:25:14 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\Auslogics
[2009/01/16 07:03:16 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\IObit
[2011/11/14 11:05:34 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\MusE
[2009/03/07 12:19:23 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\OpenOffice.org
[2012/08/13 14:55:16 | 000,000,000 | ---D | M] -- C:\Users\dad\AppData\Roaming\YourFileDownloader
[2012/08/23 05:16:42 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#6
Gammo
Posted 23 August 2012 - 07:39 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts

Can you create a .ZIP file of the folder (C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_55e74765)?


  • 0

#7
67mopar
Posted 23 August 2012 - 07:59 AM

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
I keep getting resident shield alerts it interupts and aborts the effort.
  • 0

#8
67mopar
Posted 23 August 2012 - 08:00 AM

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
file not found no read permission.
  • 0

#9
Gammo
Posted 23 August 2012 - 11:26 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I noticed you're using an old version of AVG. Please upgrade your AVG and check if it's still detecting the file afterwards.

To upgrade AVG Free, you just have to download and install this file:
http://www.filehippo...e2e0f364df6ff4/
  • 0

#10
67mopar
Posted 23 August 2012 - 01:28 PM

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
Ive got the compressed file on my desktop but I cant paste it as an attachement, It is on there as a compressed file and not a .zip its just a folder on my desktop, I did not get any security alerts after upgrading AVG
  • 0

#11
Gammo
Posted 23 August 2012 - 03:05 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Can you update the igfxsrvc.exe file (not the compressed file) to VirusTotal now (see post #2)?
  • 0

#12
67mopar
Posted 23 August 2012 - 04:27 PM

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
https://www.virustot...sis/1345760131/
  • 0

#13
Gammo
Posted 24 August 2012 - 03:11 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
It was indeed a false positive, caused by using an old version of AVG.

Let's do some clean-up:

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

As far as I'm concerned we're done now. :)
  • 0

#14
67mopar
Posted 24 August 2012 - 05:20 AM

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 202 posts
thank you very much
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP