WinXP Screen freezing randomly [Solved]


#1
arclight
Hi

Recently in the last few days my computer screen has been freezing randomly when in the middle of tasks or just browsing, watching videos etc.

Once frozen, I can still move my mouse pointer freely but nothing else. The light on my PC is still green and I hear no bleeping noises.

I also had a BSOD this week and a driver was pinpointed, although after checking in the Minidump folder no crash dump seems to have been saved, so I don't know the name of the driver it mentioned.

I have run MBAM and a few other antivirus tests but nothing came up.

I also ran memtest from a boot CD guide on geekstogo to double check the RAM and no errors were present.

Currently I'm using safe mode; the screen hasn't frozen in this mode yet.

I ran OTL and have both logs. Any help would be much appreciated.

OTL logfile created on: 16/02/2013 21:02:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 163.27 Mb Available Physical Memory | 31.92% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.73% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 6.49 Gb Free Space | 16.94% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 9.35 Gb Free Space | 12.55% Space Free | Partition Type: NTFS

Computer Name: USER-2A1DED054E | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/16 20:53:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL6.exe
PRC - [2013/02/13 02:15:16 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/08 11:54:24 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/09/04 09:50:08 | 000,088,064 | ---- | M] () -- C:\Program Files\LeechGet 2009\ShellExtension.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\STOPzilla!\szntsvc.exe /service STOPzilla Local Service -- (STOPzilla Local Service)
SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/08 11:55:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/19 06:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/30 23:57:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/06 14:25:37 | 000,423,576 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2008/02/27 10:06:28 | 000,594,600 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008/02/27 10:06:12 | 000,098,984 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\uti1mtkw.sys -- (uti1mtkw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (kardelia)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys -- (CrucialSMBusScan)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\5883211c.sys -- (5883211c)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/11/07 23:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2012/11/07 23:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\psi_mf.sys -- (PSI)
DRV - [2009/12/09 17:14:44 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/03/12 22:09:36 | 002,870,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/13 18:53:09 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139)
DRV - [2003/08/14 15:16:38 | 000,404,736 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/04/11 14:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {A104E314-EC5F-4B3E-B12A-58E0BE45D9DC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{18BB3DE6-DE35-4C38-B1C1-94F4026B19BC}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{73C48547-5271-4813-B8DF-27735F763CB7}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{9C88690E-9E49-4FC8-97E4-08B5FDE94108}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{A104E314-EC5F-4B3E-B12A-58E0BE45D9DC}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/02 21:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/04 11:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 19:03:36 | 000,000,000 | ---D | M]

[2009/09/30 17:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/01/08 07:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions
[2011/05/06 20:24:17 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/05/13 23:54:16 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/07/08 22:10:34 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/07/08 22:10:32 | 000,061,705 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/07/06 02:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/02 22:25:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/02/04 11:25:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/30 18:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/07/04 19:03:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/09 21:35:00 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/07/04 19:03:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/07/02 19:54:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2009\Parser.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.belfa.../WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 21:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/16 16:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ImgBurn
[2013/02/16 16:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2013/02/16 16:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013/02/16 01:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2013/02/16 00:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/02/15 23:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013/02/03 10:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG2013
[2013/02/03 10:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/02/03 10:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2013/02/03 10:40:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/02/03 10:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\MFAData
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Avg2013
[2013/02/02 17:44:26 | 000,034,024 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013/02/02 17:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2013/02/02 17:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/02/02 17:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo

========== Files - Modified Within 30 Days ==========

[2013/02/16 21:05:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/16 17:41:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/16 16:35:51 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/02/16 16:35:51 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/02/16 15:52:19 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/16 03:25:06 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/15 23:57:48 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2013/02/15 16:34:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/13 16:49:51 | 536,428,544 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/02/04 11:16:18 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2013/02/03 10:42:46 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/02 17:15:16 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2013/02/02 17:10:21 | 001,031,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/01/24 22:42:49 | 000,263,888 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2013/01/24 22:42:48 | 000,040,656 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll

========== Files Created - No Company Name ==========

[2013/02/16 16:35:51 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/02/16 16:35:51 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/02/15 23:57:48 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2013/02/03 10:42:46 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/02 15:21:53 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2012/12/28 01:47:10 | 001,031,793 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/02/16 20:14:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/20 03:06:42 | 000,063,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/07 19:28:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2011/09/07 19:28:28 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2011/09/07 19:27:39 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2011/09/07 19:27:38 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2011/09/07 19:27:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2011/09/07 19:27:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2011/09/07 19:27:37 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2011/09/07 19:27:37 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2011/09/07 19:27:37 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2011/09/07 19:27:37 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2011/09/07 19:27:37 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2011/09/07 19:27:36 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2011/09/07 19:27:36 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpih.exe
[2011/09/07 19:27:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2011/09/07 19:27:35 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2011/09/07 19:27:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcoms.exe
[2011/09/07 19:27:35 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2011/09/07 19:27:35 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcfg.exe
[2011/05/26 21:09:34 | 000,006,254 | ---- | C] () -- C:\Documents and Settings\user\Application Data\ADBA.BB3
[2011/03/11 19:30:43 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/04/12 12:40:21 | 000,370,597 | ---- | C] () -- C:\Documents and Settings\user\.fonts.cache-1
[2009/02/23 05:22:19 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AutoGK.ini
[2007/09/11 21:02:41 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 17:24:04 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\user\default.pls

========== ZeroAccess Check ==========

[2010/12/09 15:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\@
[2010/12/09 15:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\L
[2010/12/09 15:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\U
[2007/10/23 22:21:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/06/30 13:02:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2013/02/03 10:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2008/01/28 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/09/22 21:16:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/04 02:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/10/25 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2013/02/16 16:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/18 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/08/10 18:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2007/09/12 21:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/03 14:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/18 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}
[2011/09/22 23:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012
[2013/02/03 10:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2013
[2009/01/15 03:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\avidemux
[2008/11/15 00:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AviDvdBurner
[2012/01/26 08:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Azureus
[2008/03/27 17:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BIFHE
[2007/10/31 20:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer
[2007/10/31 20:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer Pro
[2011/07/02 21:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DDMSettings
[2007/09/13 01:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2009/01/15 04:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2013/02/16 16:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ImgBurn
[2009/10/25 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\JCreator
[2012/03/05 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/09/22 21:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2008/06/18 17:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Seven Zip
[2007/09/12 21:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\STOPzilla!
[2007/10/03 00:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template
[2013/02/03 10:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2007/09/13 01:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinPatrol
[2012/09/24 20:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\xsecva

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >

OTL Extras logfile created on: 16/02/2013 21:02:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 163.27 Mb Available Physical Memory | 31.92% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.73% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 6.49 Gb Free Space | 16.94% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 9.35 Gb Free Space | 12.55% Space Free | Partition Type: NTFS

Computer Name: USER-2A1DED054E | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe:*:Disabled:sopvod -- ()
"C:\Program Files\Azureusvuze\Azureus.exe" = C:\Program Files\Azureusvuze\Azureus.exe:*:Disabled:Azureus -- (Azureus Inc)
"C:\Program Files\Azureus2\Azureus.exe" = C:\Program Files\Azureus2\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Abyss Web Server\abyssws.exe" = C:\Program Files\Abyss Web Server\abyssws.exe:*:Enabled:Abyss Web Server X1 -- (Aprelium)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdpcoms.exe" = C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe" = C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013BE9DC-2E1A-7E95-15D9-C81E91A19510}" = Catalyst Control Center Graphics Full Existing
"{033E06D3-487A-8ED4-1672-B060C0A97D24}" = Skins
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06542CA3-F90C-BE75-656E-83A0B076213A}" = Catalyst Control Center Localization Czech
"{074C0987-378C-5E80-15F6-437B8717A16D}" = ccc-core-preinstall
"{08ABF6AA-C9E7-4A75-9A11-A2D34D79B7B7}" = Microsoft PrintForm Component 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1583C7B3-5D84-4E62-9C55-BCB795EE7B19}" = Catalyst Control Center Core Implementation
"{18070238-0B24-6C19-52B8-368D26E8F1BC}" = Catalyst Control Center Localization Italian
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D341BEB-869D-E150-1A18-10B02B7E10BF}" = Catalyst Control Center Localization Finnish
"{1D544865-1A49-C99A-7189-ADD5464D8381}" = Catalyst Control Center Localization Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EE09C14-D1C8-D38C-B8BD-4A5DDA31A33C}" = CCC Help Danish
"{2F6D51D7-F65C-840D-69B3-F9CDC4D1C2CC}" = CCC Help Turkish
"{3037A890-E9CE-4E89-A7FA-0540A3A6A887}" = STOPzilla!
"{3187E3CF-A2C8-F15F-ADEE-3A966CCAB69E}" = CCC Help Thai
"{347362FC-2826-4EDB-B1E3-FC55900CA632}_is1" = HJ-Split 2.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B45D262-3BEE-477F-8652-EC24950D3F65}" = Adobe Director 11
"{3D84CD86-8A47-D0BF-CD0D-AC1749D1B895}" = CCC Help Norwegian
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44BABF05-8ED2-CEE4-D59F-17E605C4B6FE}" = CCC Help Chinese Traditional
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{469231D8-0FBD-82A8-4DC6-DDC664A77629}" = Catalyst Control Center Localization Portuguese
"{49899342-3922-06B5-E38E-17DE462A18C3}" = CCC Help Russian
"{49F10BCB-9587-6C5B-51F8-BE18A732183F}" = Catalyst Control Center Localization Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A545288-D1F5-0C0F-BC97-8179E6FF1794}" = CCC Help Japanese
"{510D967A-B190-C5B9-D2F8-D2009EB2EF93}" = Catalyst Control Center Localization Russian
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59B84475-BEA1-CCBB-36C0-A7CD804F821F}" = Catalyst Control Center Localization Spanish
"{5AFAF0D6-E4FB-CB2C-CAA1-AF78055CD951}" = CCC Help Italian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60469B62-EB5C-D37E-D473-4F763F541783}" = Catalyst Control Center Localization Norwegian
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6CDE6C4F-6FD7-4F24-A116-F0D173432FFC}" = Adobe Setup
"{71A78AEF-7D16-0917-778E-1E04D486FB9E}" = Catalyst Control Center Graphics Light
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770A65D6-F37E-7447-517A-E62282C7EA18}" = CCC Help French
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7B2387B2-63DC-5F0D-3E44-130AB689F1A2}" = Catalyst Control Center Graphics Previews Common
"{7D3CA676-421C-5854-1D80-535FD684E5BC}" = Catalyst Control Center Localization Hungarian
"{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
"{8041F412-ABCE-51DA-B8D4-E1BC75FDBF0D}" = Catalyst Control Center Localization Chinese Standard
"{8314CCDE-D301-CABC-EDE7-D391D3E1C7DC}" = CCC Help Spanish
"{8428DF28-CCAF-501E-25CD-1391CD2D5CC9}" = CCC Help Portuguese
"{86B03DBF-D97A-02D7-C6E0-64B1CF7998D8}" = Catalyst Control Center Localization German
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF06947-F556-D573-95D1-AB7A7440AAA1}" = CCC Help Greek
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8DC25D22-3957-4F3F-14F1-4413DB0ED51F}" = Catalyst Control Center Localization Polish
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{913CA370-6B97-3C12-F54D-1BBA8F41303A}" = CCC Help Czech
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{94175F2B-39EB-B64B-50B0-501EDD13D820}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{966077F9-4923-B3B1-73A6-593E4627B5F7}" = Catalyst Control Center Localization French
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{9DA4749E-BF71-8DAE-948A-3A44408550D6}" = Catalyst Control Center Graphics Full New
"{A1ECCE64-98DB-4F40-95BB-1BD8F1C939B2}" = Dealio Toolbar
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5227CA4-8613-CB80-EFC0-D90A424B5430}" = Catalyst Control Center Localization Turkish
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B197FA45-6A2A-8CA4-888B-38BF0DD5DC90}" = CCC Help Chinese Standard
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F40112-0067-880A-C696-5E2ECC547F2B}" = Catalyst Control Center Localization Danish
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{BA185841-9581-E711-8DB3-24FA5ADED6AD}" = CCC Help English
"{BB00789E-CDE5-0824-F8CB-ABF5EAA0BB1A}" = Catalyst Control Center Localization Chinese Traditional
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6BA2362-C93F-73F5-29E9-CF4100C5CA02}" = Catalyst Control Center Localization Swedish
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C8D251E7-1660-47EF-856A-8B23A09E8088}" = KnowledgeWright 4.3.2
"{C930BF21-C79B-C4DC-7092-2E7898FE5554}" = CCC Help Swedish
"{C9BC573D-3BB5-C839-409D-C964E874188D}" = CCC Help Polish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D657FAA8-9042-9CE7-14D9-048A5C88818D}" = Catalyst Control Center Localization Greek
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1DED507-D03F-C0E4-ECE6-542541897A0C}" = CCC Help Finnish
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 1
"{E3B35466-F7B6-3BE0-EE8D-3DEE37492649}" = CCC Help German
"{E7F430A8-AADA-6F9C-CE37-E1174BAD27B0}" = ccc-utility
"{EC15C65D-4DE1-3AC7-93B5-D7B2FC02EC09}" = ccc-core-static
"{ECD2A0EE-7BAB-463A-F910-4FD7CE58FC00}" = Catalyst Control Center Localization Japanese
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"{F6C11B5C-0E30-E6F8-46B9-21EF9CE7995D}" = CCC Help Korean
"{F79E3C41-5367-5ADA-5C18-4C9E91FD9852}" = Catalyst Control Center Localization Korean
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FEF74B44-EF2B-762C-3D69-4CA101E792B4}" = CCC Help Dutch
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_2755fefb5e3352ee2921713793bdbf8" = Adobe Director 11
"Alarm Master_is1" = Alarm Master v 4.23
"All ATI Software" = ATI - Software Uninstall Utility
"AllToAVI" = AllToAVI v4 r5394
"Alt.Binz" = Alt.Binz 0.25.0
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0
"AutoGK" = Auto Gordian Knot 2.55
"AVG" = AVG 2013
"Avidemux 2.4" = Avidemux 2.4
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"Azureus Vuze" = Azureus Vuze
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"DivX Setup.divx.com" = DivX Setup
"DRM7Tool" = Personal License Update Wizard for Windows Media Player
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DvdCover+_is1" = DvdCover+ 2.1
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FileHippo.com" = FileHippo.com Update Checker
"Free Registry Fix" = Free Registry Fix 3.10
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"JCreator LE_is1" = JCreator LE 4.50
"LeechGet 2009_is1" = LeechGet 2009 Version 2.1
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MeGUI modern media encoder" = MeGUI modern media encoder (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.5.1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MUSTEK 1200 UB v2.1" = MUSTEK 1200 UB v2.1
"Opera 11.64.1403" = Opera 11.64
"Opera 12.14.1738" = Opera 12.14
"Polipo" = Polipo 1.0.4.1
"RealAlt_is1" = Real Alternative 1.8.2
"Revo Uninstaller" = Revo Uninstaller 1.93
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SereneScreen Marine Aquarium Time_is1" = SereneScreen Marine Aquarium Time
"SopCast" = SopCast 2.0.4
"Source Edit_is1" = Source Edit 4.0
"Speccy" = Speccy
"STOPzilla" = STOPzilla!
"Test My Hardware_is1" = Test My Hardware 2.3
"TextBridge Classic 2.0" = TextBridge Classic 2.0
"Tor" = Tor 0.2.1.25
"TVUPlayer" = TVUPlayer 2.4.1.0
"Veetle TV" = Veetle TV 0.9.18
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub v2.23 (Remove Only)
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.7.1
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2007
"WinRAR archiver" = WinRAR archiver
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AbyssWebServer" = Abyss Web Server X1 (remove only)
"UnOfficial McAfee SiteAdvisor Widget" = UnOfficial McAfee SiteAdvisor Widget
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/03/2012 20:11:10 | Computer Name = USER-2A1DED054E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/07/2012 00:03:15 | Computer Name = USER-2A1DED054E | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #2652. Just-In-Time
debugging this exception failed with the following error: The process ID is invalid.

Check
the documentation index for 'Just-in-time debugging, errors' for more information.

Error - 17/07/2012 00:03:15 | Computer Name = USER-2A1DED054E | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #2652. Just-In-Time
debugging this exception failed with the following error: The process ID is invalid.

Check
the documentation index for 'Just-in-time debugging, errors' for more information.

Error - 17/07/2012 00:03:15 | Computer Name = USER-2A1DED054E | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #2652. Just-In-Time
debugging this exception failed with the following error: The process ID is invalid.

Check
the documentation index for 'Just-in-time debugging, errors' for more information.

Error - 17/07/2012 00:03:15 | Computer Name = USER-2A1DED054E | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #2652. Just-In-Time
debugging this exception failed with the following error: The process ID is invalid.

Check
the documentation index for 'Just-in-time debugging, errors' for more information.

Error - 27/12/2012 21:49:10 | Computer Name = USER-2A1DED054E | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 27/12/2012 21:49:10 | Computer Name = USER-2A1DED054E | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 27/12/2012 21:49:10 | Computer Name = USER-2A1DED054E | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 21/01/2013 03:49:10 | Computer Name = USER-2A1DED054E | Source = Application Hang | ID = 1002
Description = Hanging application winamp.exe, version 5.6.2.3161, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 02/02/2013 13:38:45 | Computer Name = USER-2A1DED054E | Source = MsiInstaller | ID = 11706
Description = Product: STOPzilla! -- Error 1706. No valid source could be found
for product STOPzilla!. The Windows installer cannot continue.

[ System Events ]
Error - 16/02/2013 11:25:03 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 16/02/2013 11:25:03 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 16/02/2013 12:09:56 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/02/2013 12:10:58 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%31

Error - 16/02/2013 12:10:58 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 AVGIDSDriver AVGIDSShim avgio Avgldx86 avipbb cmdGuard Fips ssmdrv

Error - 16/02/2013 12:35:34 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 16/02/2013 12:42:37 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/02/2013 13:42:15 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/02/2013 13:43:17 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%31

Error - 16/02/2013 13:43:17 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 AVGIDSDriver AVGIDSShim avgio Avgldx86 avipbb cmdGuard Fips ssmdrv


< End of report >

Edited by arclight, 16 February 2013 - 09:47 PM.
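A triage sketch for the [ System Events ] section of the OTL log above, added here as an example; it is not part of the original thread or of OTL. It decodes the `%%N` placeholders as Win32 error codes and sets aside code 1084 (service cannot be started in Safe Mode), which is expected because the machine was running in Safe Mode. The function names and the two bucket names are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from collections import Counter

# Win32 error codes that show up as %N / %%N placeholders in this thread's logs.
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    31: "ERROR_GEN_FAILURE",
    1058: "ERROR_SERVICE_DISABLED",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",
}
# Codes that only say "the machine was booted in Safe Mode".
SAFE_MODE_ONLY = {1084}

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)\s*$"
)
CODE = re.compile(r"%{1,2}(\d+)")
PREFIX = "Description = "

# Excerpt of the [ System Events ] section of the OTL log posted above.
SAMPLE = '''\
Error - 16/02/2013 11:25:03 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 16/02/2013 12:09:56 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/02/2013 12:10:58 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%31

Error - 16/02/2013 12:10:58 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 AVGIDSDriver AVGIDSShim avgio Avgldx86 avipbb cmdGuard Fips ssmdrv

Error - 16/02/2013 12:35:34 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
'''


def parse_otl_events(text):
    """Return one dict per event, re-joining descriptions OTL wrapped over lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {
                "when": header["when"],
                "source": header["source"],
                "event_id": int(header["event_id"]),
                "description": "",
            }
            events.append(current)
        elif not line:
            current = None  # a blank line ends the current event
        elif current is not None:
            if line.startswith(PREFIX):
                line = line[len(PREFIX):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Split events into Safe Mode noise and entries to re-check after a normal boot."""
    safe_mode_expected, review = Counter(), Counter()
    for ev in events:
        codes = [int(c) for c in CODE.findall(ev["description"])]
        label = ", ".join(WIN32_ERRORS.get(c, f"unknown code {c}") for c in codes)
        key = (ev["source"], ev["event_id"], label or "no error code")
        if codes and all(c in SAFE_MODE_ONLY for c in codes):
            safe_mode_expected[key] += 1
        else:
            review[key] += 1
    return safe_mode_expected, review


def failed_drivers(events):
    """Drivers named by Service Control Manager event 7026, in first-seen order."""
    drivers = []
    for ev in events:
        listed = re.search(r"failed to load:\s*(.+)$", ev["description"])
        if ev["event_id"] == 7026 and listed:
            for name in listed.group(1).split():
                if name not in drivers:
                    drivers.append(name)
    return drivers


if __name__ == "__main__":
    parsed = parse_otl_events(SAMPLE)
    expected, to_review = triage(parsed)
    for bucket, counts in (("safe-mode expected", expected), ("review", to_review)):
        for (source, event_id, label), n in counts.items():
            print(f"{bucket:18} {n}x {source} {event_id}: {label}")
    print("drivers not loaded:", " ".join(failed_drivers(parsed)))
```

The driver list from event 7026 is worth comparing against a log taken in a normal boot, since Safe Mode skips most non-essential drivers.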


#2
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hello arclight and welcome to GeeksToGo.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

#3
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hello again arclight

There are a few things that jumped out at me after a quick glance at your logs and I’d like to address these before I get you to run a couple of different scans.

StopZilla

First, I would urge you to remove StopZilla and refrain from visiting their website. Read more here.

===================================================

Multiple antiviruses

There are remnants of Avira plus AVG and Ad-Aware which are both installed, (Ad-Aware now includes antivirus protection).

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

This, together with StopZilla, could be part of your current problems.

We can get rid of the old Avira entries but you need to uninstall one of the others. I would suggest you uninstall Ad-Aware.

  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs
  • scroll down the list, click on AdAware or Lavasoft AdAware and then on Remove.
===================================================

Registry cleaners

I noticed that you have some registry tweaking utilities, (Eusing Free Registry Cleaner and Free Registry Fix 3.10).

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to get rid of both of the ones I mentioned and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

One of the malware experts, miekiemoes, has an excellent write-up here
Another excellent article by Bill Castner is located here

===================================================

P2P - I see you have P2P software, (Azureus Vuze), installed on your machine.

I am not here to pass judgment on file-sharing as a concept but I will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.
================================================

Run MiniToolBox

Note: Please make sure Firefox is closed before you run this.

Please download MiniToolBox, save it to your desktop and run it.

Place a checkmark in the following checkboxes:

  • Flush DNS
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

When you’ve run these, please run OTL again and post the new log.

Logs to include in the next post:

JRT.txt
Result.txt
OTL.txt


Thanks

Satchfan

#4
arclight

    Member

  • Topic Starter
  • 176 posts
Hi Satchfan. Thx for the help

I uninstalled Ad-Aware, Azureus Vuze, both registry cleaners and StopZilla.

StopZilla still appears though, it's a pain. Here are the logs starting with the junk removal tool.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.4 (02.16.2013:1)
OS: Microsoft Windows XP x86
Ran by user on 17/02/2013 at 14:14:28.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{e67c74f4-a00a-4f2c-9fec-fd9dc004a67f}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dealio.dealiobho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dealio.dealiobho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dealio.dealiosearch
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dealio.dealiosearch.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dealio.dealiotoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dealio.dealiotoolbar.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dealio.dealiotoolbarhelper
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dealio.dealiotoolbarhelper.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{5c00a371-2011-4af3-97c8-6ce66aa744cb}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9f038672-0425-4792-bc9c-36de3308e8aa}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e67c74f4-a00a-4f2c-9fec-fd9dc004a67f}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\user\Application Data\mozilla\firefox\profiles\x36qtul5.default\user.js
Successfully deleted: [File] C:\Documents and Settings\user\Application Data\mozilla\firefox\profiles\x36qtul5.default\invalidprefs.js
Emptied folder: C:\Documents and Settings\user\Application Data\mozilla\firefox\profiles\x36qtul5.default\minidumps [11 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/02/2013 at 14:30:10.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next is the MiniToolbox

MiniToolBox by Farbar Version:10-01-2013
Ran by user (administrator) on 17-02-2013 at 14:33:25
Running from "H:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.

========================= IP Configuration: ================================

Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=8.26.56.26 register=PRIMARY
add dns name="Local Area Connection" addr=156.154.70.22 index=2
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user-2a1ded054e

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : cable.virginmedia.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : cable.virginmedia.net

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-0F-EA-18-E8-A6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 86.12.248.167

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 86.12.248.1

DHCP Server . . . . . . . . . . . : 62.253.131.21

DNS Servers . . . . . . . . . . . : 8.26.56.26

156.154.70.22

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : 17 February 2013 13:31:35

Lease Expires . . . . . . . . . . : 21 February 2013 13:48:37

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com.cable.virginmedia.net
Address: 92.242.144.50



Pinging google.com [173.194.41.137] with 32 bytes of data:



Reply from 173.194.41.137: bytes=32 time=20ms TTL=55

Reply from 173.194.41.137: bytes=32 time=26ms TTL=55



Ping statistics for 173.194.41.137:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 26ms, Average = 23ms

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com.cable.virginmedia.net
Address: 92.242.144.50



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=230ms TTL=47

Reply from 206.190.36.45: bytes=32 time=228ms TTL=47



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 228ms, Maximum = 230ms, Average = 229ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f ea 18 e8 a6 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 86.12.248.1 86.12.248.167 20
86.12.248.0 255.255.252.0 86.12.248.167 86.12.248.167 20
86.12.248.167 255.255.255.255 127.0.0.1 127.0.0.1 20
86.255.255.255 255.255.255.255 86.12.248.167 86.12.248.167 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 86.12.248.167 86.12.248.167 20
255.255.255.255 255.255.255.255 86.12.248.167 86.12.248.167 1
Default Gateway: 86.12.248.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/02/2013 05:38:45 PM) (Source: MsiInstaller) (User: USER-2A1DED054E)
Description: Product: STOPzilla! -- Error 1706. No valid source could be found for product STOPzilla!. The Windows installer cannot continue.

Error: (01/21/2013 07:49:10 AM) (Source: Application Hang) (User: )
Description: Hanging application winamp.exe, version 5.6.2.3161, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/28/2012 01:49:10 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/28/2012 01:49:10 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/28/2012 01:49:10 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/17/2012 04:03:15 AM) (Source: VsJITDebugger) (User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #2652. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (07/17/2012 04:03:15 AM) (Source: VsJITDebugger) (User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #2652. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (07/17/2012 04:03:15 AM) (Source: VsJITDebugger) (User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #2652. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (07/17/2012 04:03:15 AM) (Source: VsJITDebugger) (User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #2652. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (03/30/2012 00:11:10 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/17/2013 01:54:46 PM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (02/17/2013 01:41:36 PM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (02/17/2013 01:33:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK7
AVGIDSDriver
AVGIDSShim
avgio
Avgldx86
avipbb
cmdGuard
Fips
ssmdrv

Error: (02/17/2013 01:33:13 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31

Error: (02/17/2013 01:32:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/17/2013 08:31:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/17/2013 00:50:50 AM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (02/16/2013 10:59:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK7
AVGIDSDriver
AVGIDSShim
avgio
Avgldx86
avipbb
cmdGuard
Fips
ssmdrv

Error: (02/16/2013 10:59:03 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31

Error: (02/16/2013 10:58:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (02/02/2013 05:38:45 PM) (Source: MsiInstaller)(User: USER-2A1DED054E)
Description: Product: STOPzilla! -- Error 1706. No valid source could be found for product STOPzilla!. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (01/21/2013 07:49:10 AM) (Source: Application Hang)(User: )
Description: winamp.exe5.6.2.3161hungapp0.0.0.000000000

Error: (12/28/2012 01:49:10 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/28/2012 01:49:10 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/28/2012 01:49:10 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/17/2012 04:03:15 AM) (Source: VsJITDebugger)(User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #2652. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (07/17/2012 04:03:15 AM) (Source: VsJITDebugger)(User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #2652. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (07/17/2012 04:03:15 AM) (Source: VsJITDebugger)(User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #2652. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (07/17/2012 04:03:15 AM) (Source: VsJITDebugger)(User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #2652. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (03/30/2012 00:11:10 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

Abyss Web Server X1 (remove only)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Director 11 (Version: 11)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.149)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Alarm Master v 4.23
AllToAVI v4 r5394 (Version: v4 r5394)
Alt.Binz 0.25.0 (Version: 0.25.0)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
ATI - Software Uninstall Utility (Version: 6.14.10.1021)
ATI AVIVO Codecs (Version: 9.15.0.20713)
ATI Catalyst Control Center (Version: 2.008.0312.1658)
ATI Display Driver (Version: 8.474-080312a-061689C-ATI)
ATI Parental Control & Encoder (Version: 3.0)
Audacity 2.0
Auto Gordian Knot 2.55 (Version: 2.55)
AVG 2013 (Version: 13.0.2639)
AVG 2013 (Version: 13.0.2897)
AVG 2013 (Version: 2013.0.2897)
Avidemux 2.4 (Version: 2.4.3.4276)
Avidemux 2.5 (Version: 2.5.2.5660)
AviSynth 2.5
Blaze Media Pro (Version: 6.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Full Existing (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Full New (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Light (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Previews Common (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Czech (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Danish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Dutch (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Finnish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization French (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization German (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Greek (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Hungarian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Italian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Japanese (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Korean (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Norwegian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Polish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Portuguese (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Russian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Spanish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Swedish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Thai (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Turkish (Version: 2008.0312.1659.28426)
ccc-core-preinstall (Version: 2008.0312.1659.28426)
ccc-core-static (Version: 2008.0312.1659.28426)
ccc-utility (Version: 2008.0312.1659.28426)
CCC Help Chinese Standard (Version: 2008.0312.1658.28426)
CCC Help Chinese Traditional (Version: 2008.0312.1658.28426)
CCC Help Czech (Version: 2008.0312.1658.28426)
CCC Help Danish (Version: 2008.0312.1658.28426)
CCC Help Dutch (Version: 2008.0312.1658.28426)
CCC Help English (Version: 2008.0312.1658.28426)
CCC Help Finnish (Version: 2008.0312.1658.28426)
CCC Help French (Version: 2008.0312.1658.28426)
CCC Help German (Version: 2008.0312.1658.28426)
CCC Help Greek (Version: 2008.0312.1658.28426)
CCC Help Hungarian (Version: 2008.0312.1658.28426)
CCC Help Italian (Version: 2008.0312.1658.28426)
CCC Help Japanese (Version: 2008.0312.1658.28426)
CCC Help Korean (Version: 2008.0312.1658.28426)
CCC Help Norwegian (Version: 2008.0312.1658.28426)
CCC Help Polish (Version: 2008.0312.1658.28426)
CCC Help Portuguese (Version: 2008.0312.1658.28426)
CCC Help Russian (Version: 2008.0312.1658.28426)
CCC Help Spanish (Version: 2008.0312.1658.28426)
CCC Help Swedish (Version: 2008.0312.1658.28426)
CCC Help Thai (Version: 2008.0312.1658.28426)
CCC Help Turkish (Version: 2008.0312.1658.28426)
COMODO Internet Security (Version: 5.4.58750.1355)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Dealio Toolbar
Debugging Tools for Windows (Version: 6.8.4.0)
DivX Setup (Version: 2.5.0.15)
DVD Decrypter (Remove Only)
DvdCover+ 2.1
eMusic - 50 Free MP3 offer
ERUNT 1.1j
ESET Online Scanner v3
ffdshow [rev 2033] [2008-07-05] (Version: 1.0)
FileHippo.com Update Checker
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
HJ-Split 2.2 (Version: 2.2)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Java Auto Updater (Version: 2.0.6.1)
Java DB 10.4.2.1 (Version: 10.4.2.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 29 (Version: 6.0.290)
JCreator LE 4.50
KnowledgeWright 4.3.2 (Version: 4.03.0002)
LeechGet 2009 Version 2.1
Lexmark Z2300 Series
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MeGUI modern media encoder (remove only) (Version: 0.3.1.1014)
Microsoft .NET Compact Framework 1.0 SP3 Developer (Version: 1.0.4292)
Microsoft .NET Compact Framework 2.0 (Version: 2.0.5238)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30730)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30730)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30730)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Device Emulator version 1.0 - ENU (Version: 1.0.50727.42)
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005 (Version: 8.0.50727.42)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft PrintForm Component 1.0 (Version: 1.0.0)
Microsoft Publisher 2002 (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.00.1399.06)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (Version: 3.0.0.0)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visio Viewer 2010 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU (Version: 8.0.50727.42)
Microsoft Works 6.0 (Version: 06.00.1829)
mIRC (Version: 7.19)
mkv2vob (Version: 2.4.5)
MKVtoolnix 2.5.1 (Version: 2.5.1)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 12.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MUSTEK 1200 UB v2.1
Nero 7 Essentials (Version: 7.01.8956)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 11.64 (Version: 11.64.1403)
Opera 12.14 (Version: 12.14.1738)
Personal License Update Wizard for Windows Media Player
Polipo 1.0.4.1
PowerDVD
QuickTime (Version: 7.69.80.9)
RAR Password Recovery v1.1 RC17 (remove only)
Real Alternative 1.8.2 (Version: 1.8.2)
Realtek AC'97 Audio (Version: 5.36)
Revo Uninstaller 1.93 (Version: 1.93)
Rootkit Unhooker LE 3.8 SR 1
Secunia PSI (2.0.0.3003)
SereneScreen Marine Aquarium Time (Version: 1.1.2)
Skins (Version: 2008.0312.1659.28426)
SopCast 2.0.4 (Version: 2.0.4)
Source Edit 4.0
Spybot - Search & Destroy (Version: 1.6.2)
STOPzilla! (Version: )
STOPzilla! (Version: 3.1.0.7)
swMSM (Version: 12.0.0.1)
Test My Hardware 2.3
TextBridge Classic 2.0
Tor 0.2.1.25
TVUPlayer 2.4.1.0 (Version: 2.4.1.0)
UnOfficial McAfee SiteAdvisor Widget
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
v2011.build.46 (Version: v2011.build.46)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Vidalia 0.2.7
VLC media player 0.9.8a (Version: 0.9.8a)
VobSub v2.23 (Remove Only)
WebFldrs XP (Version: 9.50.7523)
Whale Communications' Client Components v3.7.1
Winamp (Version: 5.62 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol 2007 (Version: 12.0.2007.5)
WinRAR archiver
Xilisoft AVI to DVD Converter (Version: 3.0.36.0314)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.2 final uninstall (Version: 1.1)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 511.48 MB
Available physical RAM: 275.55 MB
Total Pagefile: 1247.97 MB
Available Pagefile: 1140.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.71 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:38.33 GB) (Free:6.45 GB) NTFS
5 Drive h: (SCSI1_VOL1) (Fixed) (Total:74.53 GB) (Free:8.62 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-2A1DED054E

Administrator ASPNET Guest
HelpAssistant JMC SUPPORT_388945a0
user

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini010309-01.dmp
C:\WINDOWS\Minidump\Mini010909-01.dmp
C:\WINDOWS\Minidump\Mini011009-01.dmp
C:\WINDOWS\Minidump\Mini011009-02.dmp
C:\WINDOWS\Minidump\Mini011009-03.dmp
C:\WINDOWS\Minidump\Mini011009-04.dmp
C:\WINDOWS\Minidump\Mini011509-01.dmp
C:\WINDOWS\Minidump\Mini011609-01.dmp
C:\WINDOWS\Minidump\Mini011609-02.dmp
C:\WINDOWS\Minidump\Mini011709-01.dmp
C:\WINDOWS\Minidump\Mini011711-01.dmp
C:\WINDOWS\Minidump\Mini011909-01.dmp
C:\WINDOWS\Minidump\Mini012209-01.dmp
C:\WINDOWS\Minidump\Mini012409-01.dmp
C:\WINDOWS\Minidump\Mini012409-02.dmp
C:\WINDOWS\Minidump\Mini012509-01.dmp
C:\WINDOWS\Minidump\Mini012509-02.dmp
C:\WINDOWS\Minidump\Mini012609-01.dmp
C:\WINDOWS\Minidump\Mini021709-01.dmp
C:\WINDOWS\Minidump\Mini021909-01.dmp
C:\WINDOWS\Minidump\Mini021909-02.dmp
C:\WINDOWS\Minidump\Mini022008-01.dmp
C:\WINDOWS\Minidump\Mini022309-01.dmp
C:\WINDOWS\Minidump\Mini030609-01.dmp
C:\WINDOWS\Minidump\Mini030811-01.dmp
C:\WINDOWS\Minidump\Mini031709-01.dmp
C:\WINDOWS\Minidump\Mini031711-01.dmp
C:\WINDOWS\Minidump\Mini032308-01.dmp
C:\WINDOWS\Minidump\Mini033009-01.dmp
C:\WINDOWS\Minidump\Mini040109-01.dmp
C:\WINDOWS\Minidump\Mini040109-02.dmp
C:\WINDOWS\Minidump\Mini040311-01.dmp
C:\WINDOWS\Minidump\Mini040509-01.dmp
C:\WINDOWS\Minidump\Mini040909-01.dmp
C:\WINDOWS\Minidump\Mini041809-01.dmp
C:\WINDOWS\Minidump\Mini042409-01.dmp
C:\WINDOWS\Minidump\Mini042409-02.dmp
C:\WINDOWS\Minidump\Mini042609-01.dmp
C:\WINDOWS\Minidump\Mini042911-01.dmp
C:\WINDOWS\Minidump\Mini050109-01.dmp
C:\WINDOWS\Minidump\Mini050111-01.dmp
C:\WINDOWS\Minidump\Mini050111-02.dmp
C:\WINDOWS\Minidump\Mini050111-03.dmp
C:\WINDOWS\Minidump\Mini050409-01.dmp
C:\WINDOWS\Minidump\Mini050709-01.dmp
C:\WINDOWS\Minidump\Mini051009-01.dmp
C:\WINDOWS\Minidump\Mini051309-01.dmp
C:\WINDOWS\Minidump\Mini051609-01.dmp
C:\WINDOWS\Minidump\Mini052109-01.dmp
C:\WINDOWS\Minidump\Mini053009-01.dmp
C:\WINDOWS\Minidump\Mini053109-01.dmp
C:\WINDOWS\Minidump\Mini060709-01.dmp
C:\WINDOWS\Minidump\Mini061509-01.dmp
C:\WINDOWS\Minidump\Mini062109-01.dmp
C:\WINDOWS\Minidump\Mini062408-01.dmp
C:\WINDOWS\Minidump\Mini062809-01.dmp
C:\WINDOWS\Minidump\Mini062909-01.dmp
C:\WINDOWS\Minidump\Mini063010-01.dmp
C:\WINDOWS\Minidump\Mini070109-01.dmp
C:\WINDOWS\Minidump\Mini070209-01.dmp
C:\WINDOWS\Minidump\Mini070209-02.dmp
C:\WINDOWS\Minidump\Mini070309-01.dmp
C:\WINDOWS\Minidump\Mini070309-02.dmp
C:\WINDOWS\Minidump\Mini070609-01.dmp
C:\WINDOWS\Minidump\Mini070809-01.dmp
C:\WINDOWS\Minidump\Mini070810-01.dmp
C:\WINDOWS\Minidump\Mini071109-01.dmp
C:\WINDOWS\Minidump\Mini071408-01.dmp
C:\WINDOWS\Minidump\Mini071409-01.dmp
C:\WINDOWS\Minidump\Mini071609-01.dmp
C:\WINDOWS\Minidump\Mini071609-02.dmp
C:\WINDOWS\Minidump\Mini071809-01.dmp
C:\WINDOWS\Minidump\Mini072009-01.dmp
C:\WINDOWS\Minidump\Mini072209-01.dmp
C:\WINDOWS\Minidump\Mini072409-01.dmp
C:\WINDOWS\Minidump\Mini072609-01.dmp
C:\WINDOWS\Minidump\Mini072709-01.dmp
C:\WINDOWS\Minidump\Mini072809-01.dmp
C:\WINDOWS\Minidump\Mini073008-01.dmp
C:\WINDOWS\Minidump\Mini080109-01.dmp
C:\WINDOWS\Minidump\Mini080210-01.dmp
C:\WINDOWS\Minidump\Mini080309-01.dmp
C:\WINDOWS\Minidump\Mini080509-01.dmp
C:\WINDOWS\Minidump\Mini080709-01.dmp
C:\WINDOWS\Minidump\Mini080909-01.dmp
C:\WINDOWS\Minidump\Mini080909-02.dmp
C:\WINDOWS\Minidump\Mini081409-01.dmp
C:\WINDOWS\Minidump\Mini081409-02.dmp
C:\WINDOWS\Minidump\Mini081709-01.dmp
C:\WINDOWS\Minidump\Mini082609-01.dmp
C:\WINDOWS\Minidump\Mini090709-01.dmp
C:\WINDOWS\Minidump\Mini091007-01.dmp
C:\WINDOWS\Minidump\Mini091007-02.dmp
C:\WINDOWS\Minidump\Mini091207-01.dmp
C:\WINDOWS\Minidump\Mini091209-01.dmp
C:\WINDOWS\Minidump\Mini091308-01.dmp
C:\WINDOWS\Minidump\Mini091809-01.dmp
C:\WINDOWS\Minidump\Mini092607-01.dmp
C:\WINDOWS\Minidump\Mini092610-01.dmp
C:\WINDOWS\Minidump\Mini100509-01.dmp
C:\WINDOWS\Minidump\Mini100609-01.dmp
C:\WINDOWS\Minidump\Mini100709-01.dmp
C:\WINDOWS\Minidump\Mini101307-01.dmp
C:\WINDOWS\Minidump\Mini101407-01.dmp
C:\WINDOWS\Minidump\Mini101507-01.dmp
C:\WINDOWS\Minidump\Mini102609-01.dmp
C:\WINDOWS\Minidump\Mini103108-01.dmp
C:\WINDOWS\Minidump\Mini103109-01.dmp
C:\WINDOWS\Minidump\Mini110109-01.dmp
C:\WINDOWS\Minidump\Mini110209-01.dmp
C:\WINDOWS\Minidump\Mini110408-01.dmp
C:\WINDOWS\Minidump\Mini110408-02.dmp
C:\WINDOWS\Minidump\Mini110408-03.dmp
C:\WINDOWS\Minidump\Mini110408-04.dmp
C:\WINDOWS\Minidump\Mini110408-05.dmp
C:\WINDOWS\Minidump\Mini110408-06.dmp
C:\WINDOWS\Minidump\Mini110408-07.dmp
C:\WINDOWS\Minidump\Mini110408-08.dmp
C:\WINDOWS\Minidump\Mini110408-09.dmp
C:\WINDOWS\Minidump\Mini110508-01.dmp
C:\WINDOWS\Minidump\Mini110508-02.dmp
C:\WINDOWS\Minidump\Mini110508-03.dmp
C:\WINDOWS\Minidump\Mini110508-04.dmp
C:\WINDOWS\Minidump\Mini110508-05.dmp
C:\WINDOWS\Minidump\Mini110508-06.dmp
C:\WINDOWS\Minidump\Mini110508-07.dmp
C:\WINDOWS\Minidump\Mini110508-08.dmp
C:\WINDOWS\Minidump\Mini110508-09.dmp
C:\WINDOWS\Minidump\Mini110508-10.dmp
C:\WINDOWS\Minidump\Mini110508-11.dmp
C:\WINDOWS\Minidump\Mini110508-12.dmp
C:\WINDOWS\Minidump\Mini110808-01.dmp
C:\WINDOWS\Minidump\Mini110808-02.dmp
C:\WINDOWS\Minidump\Mini110808-03.dmp
C:\WINDOWS\Minidump\Mini110809-01.dmp
C:\WINDOWS\Minidump\Mini111109-01.dmp
C:\WINDOWS\Minidump\Mini111208-01.dmp
C:\WINDOWS\Minidump\Mini111208-02.dmp
C:\WINDOWS\Minidump\Mini111208-03.dmp
C:\WINDOWS\Minidump\Mini111208-04.dmp
C:\WINDOWS\Minidump\Mini111308-01.dmp
C:\WINDOWS\Minidump\Mini111408-01.dmp
C:\WINDOWS\Minidump\Mini111408-02.dmp
C:\WINDOWS\Minidump\Mini111408-03.dmp
C:\WINDOWS\Minidump\Mini111508-01.dmp
C:\WINDOWS\Minidump\Mini111508-02.dmp
C:\WINDOWS\Minidump\Mini111508-03.dmp
C:\WINDOWS\Minidump\Mini111508-04.dmp
C:\WINDOWS\Minidump\Mini111508-05.dmp
C:\WINDOWS\Minidump\Mini111608-01.dmp
C:\WINDOWS\Minidump\Mini111908-01.dmp
C:\WINDOWS\Minidump\Mini112008-01.dmp
C:\WINDOWS\Minidump\Mini112208-01.dmp
C:\WINDOWS\Minidump\Mini112708-01.dmp
C:\WINDOWS\Minidump\Mini112708-02.dmp
C:\WINDOWS\Minidump\Mini112909-01.dmp
C:\WINDOWS\Minidump\Mini120509-01.dmp
C:\WINDOWS\Minidump\Mini120808-01.dmp
C:\WINDOWS\Minidump\Mini122308-01.dmp
C:\WINDOWS\Minidump\Mini122308-02.dmp
C:\WINDOWS\Minidump\Mini122508-01.dmp
C:\WINDOWS\Minidump\Mini122608-01.dmp
C:\WINDOWS\Minidump\Mini122608-02.dmp
C:\WINDOWS\Minidump\Mini122908-01.dmp
C:\WINDOWS\Minidump\Mini123108-01.dmp
C:\WINDOWS\Minidump\Mini123108-02.dmp
C:\WINDOWS\Minidump\Mini123108-03.dmp

**** End of log ****



And finally, the new OTL log. I used a Quick Scan like before. No Extras file appeared this time, though.

OTL logfile created on: 17/02/2013 14:42:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 128.99 Mb Available Physical Memory | 25.22% Memory free
1.22 Gb Paging File | 0.98 Gb Available in Paging File | 80.63% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 6.46 Gb Free Space | 16.86% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 8.62 Gb Free Space | 11.56% Space Free | Partition Type: NTFS

Computer Name: USER-2A1DED054E | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/16 20:53:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL6.exe
PRC - [2013/02/13 02:15:16 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/08 11:54:24 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/09/04 09:50:08 | 000,088,064 | ---- | M] () -- C:\Program Files\LeechGet 2009\ShellExtension.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\STOPzilla!\szntsvc.exe /service STOPzilla Local Service -- (STOPzilla Local Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2013/02/08 11:55:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/19 06:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 06:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/30 23:57:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/06 14:25:37 | 000,423,576 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2008/02/27 10:06:28 | 000,594,600 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\system32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008/02/27 10:06:12 | 000,098,984 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\uti1mtkw.sys -- (uti1mtkw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (kardelia)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys -- (CrucialSMBusScan)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\5883211c.sys -- (5883211c)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/11/07 23:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/07 23:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/09 17:14:44 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/12 22:09:36 | 002,870,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/13 18:53:09 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/08/14 15:16:38 | 000,404,736 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/04/11 14:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {A104E314-EC5F-4B3E-B12A-58E0BE45D9DC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{18BB3DE6-DE35-4C38-B1C1-94F4026B19BC}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{73C48547-5271-4813-B8DF-27735F763CB7}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{9C88690E-9E49-4FC8-97E4-08B5FDE94108}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{A104E314-EC5F-4B3E-B12A-58E0BE45D9DC}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/02 21:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/04 11:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 19:03:36 | 000,000,000 | ---D | M]

[2009/09/30 17:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/01/08 07:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions
[2011/05/06 20:24:17 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/05/13 23:54:16 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/07/08 22:10:34 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/07/08 22:10:32 | 000,061,705 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/07/06 02:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/02 22:25:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/02/04 11:25:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/30 18:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/07/04 19:03:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/09 21:35:00 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/07/04 19:03:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/07/02 19:54:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2009\Parser.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.belfa.../WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 21:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/17 14:14:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/02/17 14:14:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/03 10:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG2013
[2013/02/03 10:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/02/03 10:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2013/02/03 10:40:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/02/03 10:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\MFAData
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Avg2013
[2013/02/02 17:44:26 | 000,034,024 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013/02/02 17:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2013/02/02 17:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/02/02 17:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo

========== Files - Modified Within 30 Days ==========

[2013/02/17 14:18:35 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/17 13:31:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/16 22:47:12 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/16 15:52:19 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/16 03:25:06 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/15 16:34:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/13 16:49:51 | 536,428,544 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/02/04 11:16:18 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2013/02/03 10:42:46 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/02 17:15:16 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2013/02/02 17:10:21 | 001,031,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/01/24 22:42:49 | 000,263,888 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2013/01/24 22:42:48 | 000,040,656 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll

========== Files Created - No Company Name ==========

[2013/02/03 10:42:46 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/02 15:21:53 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2012/12/28 01:47:10 | 001,031,793 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/02/16 20:14:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/20 03:06:42 | 000,063,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/07 19:28:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2011/09/07 19:28:28 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2011/09/07 19:27:39 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2011/09/07 19:27:38 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2011/09/07 19:27:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2011/09/07 19:27:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2011/09/07 19:27:37 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2011/09/07 19:27:37 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2011/09/07 19:27:37 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2011/09/07 19:27:37 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2011/09/07 19:27:37 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2011/09/07 19:27:36 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2011/09/07 19:27:36 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpih.exe
[2011/09/07 19:27:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2011/09/07 19:27:35 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2011/09/07 19:27:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcoms.exe
[2011/09/07 19:27:35 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2011/09/07 19:27:35 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcfg.exe
[2011/05/26 21:09:34 | 000,006,254 | ---- | C] () -- C:\Documents and Settings\user\Application Data\ADBA.BB3
[2011/03/11 19:30:43 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/04/12 12:40:21 | 000,370,597 | ---- | C] () -- C:\Documents and Settings\user\.fonts.cache-1
[2009/02/23 05:22:19 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AutoGK.ini
[2007/09/11 21:02:41 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 17:24:04 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\user\default.pls

========== ZeroAccess Check ==========

[2010/12/09 15:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\@
[2010/12/09 15:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\L
[2010/12/09 15:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\U
[2007/10/23 22:21:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/06/30 13:02:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2013/02/03 10:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2008/01/28 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/09/22 21:16:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/04 02:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/10/25 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2013/02/16 16:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/18 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/08/10 18:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2007/09/12 21:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2013/02/17 13:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/18 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}
[2011/09/22 23:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012
[2013/02/03 10:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2013
[2009/01/15 03:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\avidemux
[2008/11/15 00:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AviDvdBurner
[2012/01/26 08:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Azureus
[2008/03/27 17:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BIFHE
[2007/10/31 20:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer
[2007/10/31 20:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer Pro
[2011/07/02 21:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DDMSettings
[2007/09/13 01:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2009/01/15 04:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2009/10/25 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\JCreator
[2012/03/05 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/09/22 21:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2008/06/18 17:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Seven Zip
[2007/09/12 21:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\STOPzilla!
[2007/10/03 00:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template
[2013/02/03 10:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2007/09/13 01:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinPatrol
[2012/09/24 20:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\xsecva

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >

#5
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
I missed the fact that Comodo was the Internet Security version and not the firewall. This too has an antivirus so needs to be uninstalled and a stand-alone firewall installed OR if you prefer, uninstall AVG.

Using Add or Remove Programs, uninstall these:

COMODO Internet Security (Version: 5.4.58750.1355) OR AVG
Dealio Toolbar

All versions of Java (they are all out-of-date and vulnerable to infection)

If you uninstalled Comodo, you can download and install one of the following freeware firewalls from below:

Sygate Personal Firewall Free Edition:
Zone Alarm Free:
Comodo Personal Firewall:

NOTE: only install one firewall. Having more than one could cause many programs to stop working altogether. Also, the firewalls may get in each other's way and cause some security holes that would not be there with just one firewall.

===================================================

Disable Spybot’s TeaTimer

Spybot’s TeaTimer can sometimes prevent some things from being fixed.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your log is clean.

  • open Spybot Search & Destroy
  • in the Mode menu click "Advanced mode" if not already selected
  • choose "Yes" at the Warning prompt
  • expand the "Tools" menu
  • click "Resident"
  • uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box
  • in the File menu click "Exit" to exit Spybot Search & Destroy.
===================================================

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    DRV - [2009/12/09 17:14:44 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    IE - HKCU\..\SearchScopes,DefaultScope = {A104E314-EC5F-4B3E-B12A-58E0BE45D9DC}
    IE - HKCU\..\SearchScopes\{18BB3DE6-DE35-4C38-B1C1-94F4026B19BC}: "URL" = http://www.google.co...ie=utf8&oe=utf8
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...p={SearchTerms}
    IE - HKCU\..\SearchScopes\{9C88690E-9E49-4FC8-97E4-08B5FDE94108}: "URL" = http://www.google.co...ie=utf8&oe=utf8
    IE - HKCU\..\SearchScopes\{A104E314-EC5F-4B3E-B12A-58E0BE45D9DC}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
    IE - HKCU\..\SearchScopes\{73C48547-5271-4813-B8DF-27735F763CB7}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    
    :Files
    C:\Documents and Settings\user\Application Data\TuneUp Software
    C:\Documents and Settings\All Users\Application Data\Azureus
    C:\Documents and Settings\All Users\Application Data\STOPzilla
    C:\Documents and Settings\user\Application Data\Azureus
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post a new OTL log and the OTL fix log
===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Logs to include with next post:

OTL fix log
OTL.txt
aswMBR log


Thanks

Satchfan

#6
arclight

    Member

  • Topic Starter
  • 176 posts
I uninstalled Java, Dealio and Comodo IS and disabled TeaTimer.

I haven't installed Comodo firewall yet as it won't install in safe mode.

OTL ran and rebooted but no logs appeared. The OTL.txt log didn't update. Unless this is because I am in safe mode atm. aswMBR updated and ran with log below

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-17 17:16:07
-----------------------------
17:16:07.703 OS Version: Windows 5.1.2600 Service Pack 3
17:16:07.703 Number of processors: 1 586 0x801
17:16:07.703 ComputerName: USER-2A1DED054E UserName: user
17:16:13.828 Initialize success
17:20:02.812 AVAST engine defs: 13021700
17:20:24.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:20:24.812 Disk 0 Vendor: IC35L040AVVA07-0 VA2OA52A Size: 39265MB BusType: 3
17:20:24.843 Disk 0 MBR read successfully
17:20:24.875 Disk 0 MBR scan
17:20:28.000 Disk 0 Windows XP default MBR code
17:20:28.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39252 MB offset 63
17:20:30.812 Disk 0 scanning sectors +80389260
17:20:31.937 Disk 0 scanning C:\WINDOWS\system32\drivers
17:21:17.343 Service scanning
17:22:03.296 Modules scanning
17:22:13.531 Disk 0 trace - called modules:
17:22:13.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:22:13.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x832f3ab8]
17:22:20.578 3 CLASSPNP.SYS[f8776fd7] -> nt!IofCallDriver -> \Device\00000062[0x83300910]
17:22:20.984 5 ACPI.sys[f86ed620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83376940]
17:22:21.390 Scan finished successfully
17:22:30.625 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
17:22:30.656 The log file has been saved successfully to "H:\aswMBR.txt"

#7
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
The OTL fix log can be found at C:\_OTL\MovedFiles. It will have a file name consisting of numbers that reflect the date and time the fix was run. It will be something similar to 17022013_*****.log.

Can you try to reboot in normal mode and let me know what happens?

#8
arclight

    Member

  • Topic Starter
  • 176 posts
Started in Normal mode

I get this message after reinstalling comodo that imapi.exe is trying to create a new file/folder c:windows\temp with a random file name .tmp

OTL log came up

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service aawservice stopped successfully!
Service aawservice deleted successfully!
File C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe not found.
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
C:\Program Files\Avira\AntiVir Desktop\avguard.exe moved successfully.
Service AntiVirSchedulerService stopped successfully!
Service AntiVirSchedulerService deleted successfully!
C:\Program Files\Avira\AntiVir Desktop\sched.exe moved successfully.
Service avgntflt stopped successfully!
Service avgntflt deleted successfully!
C:\WINDOWS\system32\drivers\avgntflt.sys moved successfully.
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
C:\WINDOWS\system32\drivers\ssmdrv.sys moved successfully.
Service avipbb stopped successfully!
Service avipbb deleted successfully!
C:\WINDOWS\system32\drivers\avipbb.sys moved successfully.
Service avgio stopped successfully!
Service avgio deleted successfully!
C:\Program Files\Avira\AntiVir Desktop\avgio.sys moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{18BB3DE6-DE35-4C38-B1C1-94F4026B19BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18BB3DE6-DE35-4C38-B1C1-94F4026B19BC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C88690E-9E49-4FC8-97E4-08B5FDE94108}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C88690E-9E49-4FC8-97E4-08B5FDE94108}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A104E314-EC5F-4B3E-B12A-58E0BE45D9DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A104E314-EC5F-4B3E-B12A-58E0BE45D9DC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73C48547-5271-4813-B8DF-27735F763CB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C48547-5271-4813-B8DF-27735F763CB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
========== FILES ==========
C:\Documents and Settings\user\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Documents and Settings\user\Application Data\TuneUp Software\TU2012 folder moved successfully.
C:\Documents and Settings\user\Application Data\TuneUp Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Azureus folder moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\STOPzilla not found.
C:\Documents and Settings\user\Application Data\Azureus\torrents folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\tmp folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\shares folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\plugins\azupnpav folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\plugins\azemp folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\plugins folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\net folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\logs\save folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\logs folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\dht folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\active\9B38C7FE9569376C188B4BA38B307CB109AFBA23 folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\active\566633CBA9024ACADDDDAD28AE481AA7D742F3AE folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus\active folder moved successfully.
C:\Documents and Settings\user\Application Data\Azureus folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: JMC
->Temp folder emptied: 16029 bytes
->Temporary Internet Files folder emptied: 64901 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3855709 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: user
->Temp folder emptied: 740218619 bytes
->Temporary Internet Files folder emptied: 346011454 bytes
->Java cache emptied: 81041 bytes
->FireFox cache emptied: 77973400 bytes
->Opera cache emptied: 19191503 bytes
->Flash cache emptied: 302928 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 738899 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 376057550 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,492.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02172013_170710

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#9
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

"I get this message after reinstalling comodo that imapi.exe is trying to create a new file/folder c:windows\temp with a random file name .tmp"

imapi.exe is a Windows file used for CD burning. IMAPI CD-Burning COM Service’s default setting is “manual” and temp files are created at startup. The only way to get rid of the message is to disable the service or tell Comodo to allow it.


Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please also include a new OTL scan log

Thanks

Satchfan

#10
arclight

    Member

  • Topic Starter
  • 176 posts
Hi

OTL log

OTL logfile created on: 18/02/2013 15:13:41 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 150.85 Mb Available Physical Memory | 29.49% Memory free
1.22 Gb Paging File | 0.56 Gb Available in Paging File | 46.23% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 8.05 Gb Free Space | 21.00% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 8.46 Gb Free Space | 11.35% Space Free | Partition Type: NTFS

Computer Name: USER-2A1DED054E | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/16 20:53:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL6.exe
PRC - [2013/02/13 02:15:16 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/07 23:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2011/06/30 18:30:10 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2011/04/19 06:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 02:15:26 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark Z2300 Series\ezprint.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/13 02:16:00 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013/02/13 02:16:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013/02/13 02:16:00 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013/02/13 02:15:59 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013/02/13 02:15:59 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013/02/13 02:15:59 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013/02/13 02:15:59 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013/02/13 02:15:59 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013/02/13 02:15:59 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013/02/13 02:15:58 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2013/02/13 02:15:58 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013/02/13 02:15:58 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013/02/08 11:54:24 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/02 22:55:16 | 000,103,936 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s
MOD - [2011/07/02 22:55:16 | 000,090,112 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s
MOD - [2011/07/02 22:55:16 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s
MOD - [2011/07/02 22:55:16 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll
MOD - [2011/07/02 22:55:16 | 000,047,616 | ---- | M] () -- C:\Program Files\Winamp\zlib.dll
MOD - [2011/07/02 22:55:16 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s
MOD - [2011/07/02 22:55:16 | 000,021,504 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s
MOD - [2011/07/02 22:55:16 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s
MOD - [2011/07/02 22:55:15 | 000,623,616 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s
MOD - [2011/07/02 22:55:15 | 000,174,080 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s
MOD - [2011/07/02 22:55:15 | 000,154,624 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s
MOD - [2011/07/02 22:55:15 | 000,044,544 | ---- | M] () -- C:\Program Files\Winamp\System\devices.w5s
MOD - [2011/07/02 22:55:15 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s
MOD - [2011/07/02 22:55:15 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s
MOD - [2011/07/02 22:55:15 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s
MOD - [2011/07/02 22:55:15 | 000,016,384 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s
MOD - [2011/07/02 22:55:15 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s
MOD - [2011/07/02 22:55:14 | 000,023,040 | ---- | M] () -- C:\Program Files\Winamp\System\albumart.w5s
MOD - [2011/07/02 22:55:13 | 000,170,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll
MOD - [2011/07/02 22:55:13 | 000,118,272 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll
MOD - [2011/07/02 22:55:13 | 000,113,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_wifi.dll
MOD - [2011/07/02 22:55:13 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_android.dll
MOD - [2011/07/02 22:55:13 | 000,053,760 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll
MOD - [2011/07/02 22:55:13 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll
MOD - [2011/07/02 22:55:13 | 000,022,528 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll
MOD - [2011/07/02 22:55:13 | 000,020,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll
MOD - [2011/07/02 22:55:13 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll
MOD - [2011/07/02 22:55:12 | 000,241,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll
MOD - [2011/07/02 22:55:12 | 000,125,440 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll
MOD - [2011/07/02 22:55:12 | 000,083,456 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll
MOD - [2011/07/02 22:55:12 | 000,082,944 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll
MOD - [2011/07/02 22:55:12 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll
MOD - [2011/07/02 22:55:12 | 000,031,744 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll
MOD - [2011/07/02 22:55:11 | 000,293,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll
MOD - [2011/07/02 22:55:11 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll
MOD - [2011/07/02 22:55:10 | 000,250,368 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_devices.dll
MOD - [2011/07/02 22:55:10 | 000,200,704 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll
MOD - [2011/07/02 22:55:10 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll
MOD - [2011/07/02 22:55:10 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll
MOD - [2011/07/02 22:55:10 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
MOD - [2011/07/02 22:55:08 | 000,313,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wm.dll
MOD - [2011/07/02 22:55:08 | 000,252,416 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll
MOD - [2011/07/02 22:55:08 | 000,074,752 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_nsv.dll
MOD - [2011/07/02 22:55:08 | 000,050,688 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll
MOD - [2011/07/02 22:55:08 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_swf.dll
MOD - [2011/07/02 22:55:08 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll
MOD - [2011/07/02 22:55:07 | 000,312,832 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll
MOD - [2011/07/02 22:55:07 | 000,285,696 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll
MOD - [2011/07/02 22:55:07 | 000,183,808 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll
MOD - [2011/07/02 22:55:07 | 000,165,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll
MOD - [2011/07/02 22:55:07 | 000,109,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll
MOD - [2011/07/02 22:55:07 | 000,102,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll
MOD - [2011/07/02 22:55:07 | 000,072,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_dshow.dll
MOD - [2011/07/02 22:55:07 | 000,068,608 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_avi.dll
MOD - [2011/07/02 22:55:07 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll
MOD - [2011/07/02 22:55:07 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll
MOD - [2011/07/02 22:55:07 | 000,049,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mkv.dll
MOD - [2011/07/02 22:55:07 | 000,043,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flv.dll
MOD - [2011/07/02 22:55:07 | 000,025,600 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll
MOD - [2011/07/02 22:55:07 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll
MOD - [2011/07/02 22:55:06 | 001,737,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll
MOD - [2011/07/02 22:55:06 | 000,027,648 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011/07/02 22:55:05 | 000,410,624 | ---- | M] () -- C:\Program Files\Winamp\nsutil.dll
MOD - [2011/07/02 22:55:05 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll
MOD - [2011/07/02 22:55:05 | 000,078,848 | ---- | M] () -- C:\Program Files\Winamp\nde.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/26 22:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdpdrpp.dll
MOD - [2007/08/08 16:55:30 | 000,364,544 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\iptk.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\STOPzilla!\szntsvc.exe /service STOPzilla Local Service -- (STOPzilla Local Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/08 11:55:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/19 06:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 06:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/11/30 23:57:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/06 14:25:37 | 000,423,576 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2008/02/27 10:06:28 | 000,594,600 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\system32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008/02/27 10:06:12 | 000,098,984 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\uti1mtkw.sys -- (uti1mtkw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (kardelia)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys -- (CrucialSMBusScan)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\5883211c.sys -- (5883211c)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/11/07 23:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/07 23:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/12 22:09:36 | 002,870,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/13 18:53:09 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/08/14 15:16:38 | 000,404,736 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/04/11 14:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/02 21:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/04 11:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 19:03:36 | 000,000,000 | ---D | M]

[2009/09/30 17:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/01/08 07:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions
[2011/05/06 20:24:17 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/05/13 23:54:16 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/07/08 22:10:34 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/07/08 22:10:32 | 000,061,705 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/07/06 02:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/02/04 11:25:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/30 18:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/07/04 19:03:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/09 21:35:00 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/07/04 19:03:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/07/02 19:54:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2009\Parser.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.belfa.../WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 21:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 14:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/02/17 23:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2013/02/17 23:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013/02/17 14:14:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/02/17 14:14:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/03 10:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG2013
[2013/02/03 10:40:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/02/03 10:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\MFAData
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/03 10:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Avg2013
[2013/02/02 17:44:26 | 000,034,024 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2013/02/02 17:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo

========== Files - Modified Within 30 Days ==========

[2013/02/18 14:52:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/18 14:32:54 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/18 14:15:37 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2013/02/18 14:11:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/18 14:11:14 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/17 23:22:00 | 000,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2013/02/17 22:59:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/16 22:47:12 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/16 03:25:06 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/15 16:34:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/13 16:49:51 | 536,428,544 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/02/02 17:10:21 | 001,031,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/01/24 22:42:49 | 000,263,888 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2013/01/24 22:42:48 | 000,040,656 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll

========== Files Created - No Company Name ==========

[2013/02/17 23:22:00 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2013/02/17 23:07:46 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/03 10:42:46 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/12/28 01:47:10 | 001,031,793 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/02/16 20:14:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/20 03:06:42 | 000,063,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/07 19:28:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2011/09/07 19:28:28 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2011/09/07 19:27:39 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2011/09/07 19:27:38 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2011/09/07 19:27:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2011/09/07 19:27:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2011/09/07 19:27:37 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2011/09/07 19:27:37 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2011/09/07 19:27:37 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2011/09/07 19:27:37 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2011/09/07 19:27:37 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2011/09/07 19:27:36 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2011/09/07 19:27:36 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpih.exe
[2011/09/07 19:27:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2011/09/07 19:27:35 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2011/09/07 19:27:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcoms.exe
[2011/09/07 19:27:35 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2011/09/07 19:27:35 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcfg.exe
[2011/05/26 21:09:34 | 000,006,254 | ---- | C] () -- C:\Documents and Settings\user\Application Data\ADBA.BB3
[2011/03/11 19:30:43 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/04/12 12:40:21 | 000,370,597 | ---- | C] () -- C:\Documents and Settings\user\.fonts.cache-1
[2009/02/23 05:22:19 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AutoGK.ini
[2007/09/11 21:02:41 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 17:24:04 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\user\default.pls

========== ZeroAccess Check ==========

[2010/12/09 15:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\@
[2010/12/09 15:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\L
[2010/12/09 15:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\U
[2007/10/23 22:21:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/06/30 13:02:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2013/02/03 10:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/09/22 21:16:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/04 02:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/10/25 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2013/02/18 14:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/18 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/08/10 18:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2007/09/12 21:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2013/02/17 13:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/18 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}
[2011/09/22 23:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012
[2013/02/03 10:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2013
[2009/01/15 03:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\avidemux
[2008/11/15 00:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AviDvdBurner
[2008/03/27 17:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BIFHE
[2007/10/31 20:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer
[2007/10/31 20:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer Pro
[2011/07/02 21:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DDMSettings
[2007/09/13 01:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2009/01/15 04:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2009/10/25 19:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\JCreator
[2012/03/05 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/09/22 21:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2008/06/18 17:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Seven Zip
[2007/09/12 21:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\STOPzilla!
[2007/10/03 00:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template
[2007/09/13 01:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinPatrol
[2012/09/24 20:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\xsecva

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >



Security check log

Results of screen317's Security Check version 0.99.58
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG 2013
ESET Online Scanner v3
COMODO Internet Security
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
WinPatrol 2007 (Outdated! Latest version is WinPatrol 2012)
Spybot - Search & Destroy
Secunia PSI (2.0.0.3003)
Rootkit Unhooker LE 3.8 SR 1
Malwarebytes Anti-Malware version 1.70.0.1100
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


#11
Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Looking good.

You need to uninstall WinPatrol. Although it is disabled you’d be better off uninstalling it altogether.


Using Windows Explorer, (Windows key+E), navigate to and delete these Stopzilla folders in red:

C:\Program Files\STOPzilla!
C:\Documents and Settings\All Users\Application Data\STOPzilla!
C:\Documents and Settings\user\Application Data\STOPzilla!


Can you tell me how things are running now.

Satchfan

#12
arclight

arclight

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
Hi

Uninstalled Winpatrol

When I was uninstalling WinPatrol, AVG came up with a threat called Tindel.exe in a temp folder, which I deleted with AVG

C:\Program Files\STOPzilla! Folder wasn't there
C:\Documents and Settings\All Users\Application Data\STOPzilla! Deleted
C:\Documents and Settings\user\Application Data\STOPzilla! Deleted

Generally the PC has been running OK today. No freezing yet

#13
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
I think we are just about there and the AVG message may be what is known as a “false-positive”, (which AVG is becoming increasingly renowned for).

If there is a problem, an online scan should show it up.


Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

==================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan


1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.

3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - if ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish
If a log has been produced post it in your next reply together with the Malwarebytes log.

Satchfan

#14
arclight

arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
Hi

ESET will not detect anything so no log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.18.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-2A1DED054E [administrator]

18/02/2013 23:30:48
mbam-log-2013-02-18 (23-30-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250948
Time elapsed: 42 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Good work, your computer appears to be clean.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall OTL

  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes; if not, delete it yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Create a Restore Point

  • click Start Menu, Run
  • copy and paste the following:


    %SystemRoot%\System32\restore\rstrui.exe

  • press OK
  • choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create
  • when the confirmation screen shows that the restore point has been created, click Close.

Remove old restore points

  • go to Start, Programs, Accessories, System tools, Disk Cleanup
  • when the Disk Cleanup dialog box appears, click OK
  • when it finishes running, a box with tabs will appear, select the “More options” tab
  • on this tab you will find a section for System Restore
  • if you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
===================================================

Update installed programs

You had old versions of Java on your computer which I asked you to uninstall. If you didn’t do so please uninstall ALL versions of Java and Adobe Reader which are old and vulnerable to infections.
  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs
  • scroll down the list, click on any version of Adobe Reader or Java and then on Remove.
Install the latest versions:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

===================================================

Spybot - Search and Destroy – Re-enable TeaTimer and remember to scan your computer with the program on a regular basis as you would with your anti-virus software.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes


A final note: I would say that the majority of your problems were caused by too many security programs, some of which were not recommendable, (Stopzilla).

Remember to only have ONE antivirus and ONE firewall and use the adware/spyware programs regularly.

Safe computing

Satchfan