Geeks to Go forums
PUP virus,svchost .exe running at 100% cpu usage [Closed]



#1
arclight
Hi

Today I noticed when I start up Windows the process svchost.exe is taking 100% of the CPU usage.

Altogether there are 7 svchost.exe processes running: 2 network services, 2 local services and 3 system.

The svchost.exe process that is causing me trouble is one of the system processes.

I ran Malwarebytes as a precaution after this occurred and it picked up 4 files. The log file is listed below.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.12.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-2A1DED054E [administrator]

12/10/2013 23:58:03
mbam-log-2013-10-12 (23-58-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259097
Time elapsed: 42 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\user\Desktop\KMPlayer_EN_3.2.0.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\Tsu76D9D232.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\{A0317D93-C92C-417D-A396-810E7BD25F65}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)

I rebooted and ran MBAM again with full updates, but the problem is still occurring. It started today and I'm unsure whether or not the two are related.

OTL logfile created on: 13/10/2013 01:31:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 90.46 Mb Available Physical Memory | 17.69% Memory free
1.22 Gb Paging File | 0.52 Gb Available in Paging File | 42.69% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 8.09 Gb Free Space | 21.11% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 7.79 Gb Free Space | 10.46% Space Free | Partition Type: NTFS

Computer Name: USER-2A1DED054E | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/13 01:30:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/21 02:38:45 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/22 03:46:20 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/11/08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/08 00:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 03:15:26 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark Z2300 Series\ezprint.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 21:53:42 | 016,233,864 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/05/26 15:36:34 | 006,765,568 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Icaros\avcodec-ics-55.dll
MOD - [2013/05/26 15:36:34 | 000,827,904 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Icaros\avformat-ics-55.dll
MOD - [2013/05/26 15:36:34 | 000,380,416 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Icaros\swscale-ics-2.dll
MOD - [2013/05/26 15:36:34 | 000,217,088 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Icaros\avutil-ics-52.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/26 23:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdpdrpp.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/08/08 17:55:30 | 000,364,544 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\iptk.dll
MOD - [2003/09/04 10:50:08 | 000,088,064 | ---- | M] () -- C:\Program Files\LeechGet 2009\ShellExtension.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\STOPzilla!\szntsvc.exe /service STOPzilla Local Service -- (STOPzilla Local Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/09 21:53:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/21 02:38:45 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/12/01 00:57:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/06 15:25:37 | 000,423,576 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2008/02/27 11:06:28 | 000,594,600 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\system32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008/02/27 11:06:12 | 000,098,984 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\uti1mtkw.sys -- (uti1mtkw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (kardelia)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys -- (CrucialSMBusScan)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\5883211c.sys -- (5883211c)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/11/08 00:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/08 00:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/08 00:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/03/12 23:09:36 | 002,870,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/13 19:53:09 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/08/14 16:16:38 | 000,404,736 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/04/11 15:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B3205B348-523A-4fac-9BC4-9939CBF583B0%7D:2.1.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/02 22:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/03 17:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/08 20:53:17 | 000,000,000 | ---D | M]

[2009/09/30 18:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/09/07 07:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions
[2013/09/07 07:54:29 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/05/14 00:54:16 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/07/08 23:10:34 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/07/08 23:10:32 | 000,061,705 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012/07/06 03:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/03 17:58:51 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/30 19:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2013/08/03 17:58:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/09 22:35:00 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/08/03 17:58:41 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/07/02 20:54:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2009\Parser.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.belfa.../WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 22:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/08/31 00:20:42 | 000,000,000 | ---D | M] - H:\AutoMKV0984 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/09 20:57:56 | 000,000,000 | -HSD | C] -- C:\found.015
[2013/09/23 01:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\SMPlayer2
[2013/09/23 01:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\SMPlayer2
[2013/09/16 17:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2013/10/13 00:52:25 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/13 00:50:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/13 00:50:03 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/06 22:19:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/23 01:06:18 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\user\Desktop\SMPlayer2.lnk
[2013/09/23 00:27:46 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/09/16 17:46:24 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk

========== Files Created - No Company Name ==========

[2013/09/23 01:06:18 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\user\Desktop\SMPlayer2.lnk
[2013/09/23 00:27:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/08/30 23:42:30 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2013/08/03 04:42:59 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2013/07/08 19:45:41 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/07/08 19:45:25 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/02/23 17:14:45 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2013/02/23 16:35:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UI.INI
[2012/12/28 02:47:10 | 001,031,793 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/02/16 21:14:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/26 22:09:34 | 000,006,254 | ---- | C] () -- C:\Documents and Settings\user\Application Data\ADBA.BB3
[2009/04/12 13:40:21 | 000,370,597 | ---- | C] () -- C:\Documents and Settings\user\.fonts.cache-1
[2009/02/23 06:22:19 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AutoGK.ini
[2007/09/11 22:02:41 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 18:24:04 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\user\default.pls

========== ZeroAccess Check ==========

[2010/12/09 16:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\@
[2010/12/09 16:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\L
[2010/12/09 16:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\U
[2007/10/23 23:21:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/06/30 14:02:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2013/02/03 11:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/09/22 22:16:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/04 03:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013/05/06 16:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2009/10/25 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2013/10/12 19:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/18 22:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/08/10 19:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2013/02/17 14:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/08/03 20:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSO
[2008/06/18 18:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}
[2011/09/23 00:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012
[2013/02/03 11:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2013
[2009/01/15 04:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\avidemux
[2008/11/15 01:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AviDvdBurner
[2008/03/27 18:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BIFHE
[2007/10/31 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer
[2007/10/31 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer Pro
[2011/07/02 22:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DDMSettings
[2007/09/13 02:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2009/01/15 05:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2013/07/29 21:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ImgBurn
[2009/10/25 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\JCreator
[2012/03/05 22:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2011/09/22 22:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2008/06/18 18:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Seven Zip
[2007/10/03 01:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template
[2013/08/03 20:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\VSO
[2013/02/18 19:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinPatrol
[2013/09/08 02:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\XMedia Recode
[2012/09/24 21:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\xsecva

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >


OTL Extras logfile created on: 13/10/2013 01:31:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 90.46 Mb Available Physical Memory | 17.69% Memory free
1.22 Gb Paging File | 0.52 Gb Available in Paging File | 42.69% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 8.09 Gb Free Space | 21.11% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 7.79 Gb Free Space | 10.46% Space Free | Partition Type: NTFS

Computer Name: USER-2A1DED054E | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe:*:Disabled:sopvod -- ()
"C:\Program Files\Azureusvuze\Azureus.exe" = C:\Program Files\Azureusvuze\Azureus.exe:*:Disabled:Azureus
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Abyss Web Server\abyssws.exe" = C:\Program Files\Abyss Web Server\abyssws.exe:*:Enabled:Abyss Web Server X1 -- (Aprelium)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdpcoms.exe" = C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe" = C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013BE9DC-2E1A-7E95-15D9-C81E91A19510}" = Catalyst Control Center Graphics Full Existing
"{033E06D3-487A-8ED4-1672-B060C0A97D24}" = Skins
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06542CA3-F90C-BE75-656E-83A0B076213A}" = Catalyst Control Center Localization Czech
"{074C0987-378C-5E80-15F6-437B8717A16D}" = ccc-core-preinstall
"{08ABF6AA-C9E7-4A75-9A11-A2D34D79B7B7}" = Microsoft PrintForm Component 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1583C7B3-5D84-4E62-9C55-BCB795EE7B19}" = Catalyst Control Center Core Implementation
"{18070238-0B24-6C19-52B8-368D26E8F1BC}" = Catalyst Control Center Localization Italian
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D341BEB-869D-E150-1A18-10B02B7E10BF}" = Catalyst Control Center Localization Finnish
"{1D544865-1A49-C99A-7189-ADD5464D8381}" = Catalyst Control Center Localization Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EE09C14-D1C8-D38C-B8BD-4A5DDA31A33C}" = CCC Help Danish
"{2F6D51D7-F65C-840D-69B3-F9CDC4D1C2CC}" = CCC Help Turkish
"{3037A890-E9CE-4E89-A7FA-0540A3A6A887}" = STOPzilla!
"{3187E3CF-A2C8-F15F-ADEE-3A966CCAB69E}" = CCC Help Thai
"{347362FC-2826-4EDB-B1E3-FC55900CA632}_is1" = HJ-Split 2.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B45D262-3BEE-477F-8652-EC24950D3F65}" = Adobe Director 11
"{3D84CD86-8A47-D0BF-CD0D-AC1749D1B895}" = CCC Help Norwegian
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44BABF05-8ED2-CEE4-D59F-17E605C4B6FE}" = CCC Help Chinese Traditional
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{469231D8-0FBD-82A8-4DC6-DDC664A77629}" = Catalyst Control Center Localization Portuguese
"{49899342-3922-06B5-E38E-17DE462A18C3}" = CCC Help Russian
"{49F10BCB-9587-6C5B-51F8-BE18A732183F}" = Catalyst Control Center Localization Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A545288-D1F5-0C0F-BC97-8179E6FF1794}" = CCC Help Japanese
"{510D967A-B190-C5B9-D2F8-D2009EB2EF93}" = Catalyst Control Center Localization Russian
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59B84475-BEA1-CCBB-36C0-A7CD804F821F}" = Catalyst Control Center Localization Spanish
"{5AFAF0D6-E4FB-CB2C-CAA1-AF78055CD951}" = CCC Help Italian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60469B62-EB5C-D37E-D473-4F763F541783}" = Catalyst Control Center Localization Norwegian
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6CDE6C4F-6FD7-4F24-A116-F0D173432FFC}" = Adobe Setup
"{71A78AEF-7D16-0917-778E-1E04D486FB9E}" = Catalyst Control Center Graphics Light
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770A65D6-F37E-7447-517A-E62282C7EA18}" = CCC Help French
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7B2387B2-63DC-5F0D-3E44-130AB689F1A2}" = Catalyst Control Center Graphics Previews Common
"{7D3CA676-421C-5854-1D80-535FD684E5BC}" = Catalyst Control Center Localization Hungarian
"{8041F412-ABCE-51DA-B8D4-E1BC75FDBF0D}" = Catalyst Control Center Localization Chinese Standard
"{8314CCDE-D301-CABC-EDE7-D391D3E1C7DC}" = CCC Help Spanish
"{8428DF28-CCAF-501E-25CD-1391CD2D5CC9}" = CCC Help Portuguese
"{86B03DBF-D97A-02D7-C6E0-64B1CF7998D8}" = Catalyst Control Center Localization German
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF06947-F556-D573-95D1-AB7A7440AAA1}" = CCC Help Greek
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8DC25D22-3957-4F3F-14F1-4413DB0ED51F}" = Catalyst Control Center Localization Polish
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{913CA370-6B97-3C12-F54D-1BBA8F41303A}" = CCC Help Czech
"{94175F2B-39EB-B64B-50B0-501EDD13D820}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{966077F9-4923-B3B1-73A6-593E4627B5F7}" = Catalyst Control Center Localization French
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{9DA4749E-BF71-8DAE-948A-3A44408550D6}" = Catalyst Control Center Graphics Full New
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5227CA4-8613-CB80-EFC0-D90A424B5430}" = Catalyst Control Center Localization Turkish
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B197FA45-6A2A-8CA4-888B-38BF0DD5DC90}" = CCC Help Chinese Standard
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F40112-0067-880A-C696-5E2ECC547F2B}" = Catalyst Control Center Localization Danish
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{BA185841-9581-E711-8DB3-24FA5ADED6AD}" = CCC Help English
"{BB00789E-CDE5-0824-F8CB-ABF5EAA0BB1A}" = Catalyst Control Center Localization Chinese Traditional
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6BA2362-C93F-73F5-29E9-CF4100C5CA02}" = Catalyst Control Center Localization Swedish
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C8D251E7-1660-47EF-856A-8B23A09E8088}" = KnowledgeWright 4.3.2
"{C930BF21-C79B-C4DC-7092-2E7898FE5554}" = CCC Help Swedish
"{C9BC573D-3BB5-C839-409D-C964E874188D}" = CCC Help Polish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D657FAA8-9042-9CE7-14D9-048A5C88818D}" = Catalyst Control Center Localization Greek
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode version 3.1.7.2
"{E1DED507-D03F-C0E4-ECE6-542541897A0C}" = CCC Help Finnish
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 1
"{E3B35466-F7B6-3BE0-EE8D-3DEE37492649}" = CCC Help German
"{E7F430A8-AADA-6F9C-CE37-E1174BAD27B0}" = ccc-utility
"{EC15C65D-4DE1-3AC7-93B5-D7B2FC02EC09}" = ccc-core-static
"{ECD2A0EE-7BAB-463A-F910-4FD7CE58FC00}" = Catalyst Control Center Localization Japanese
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"{F6C11B5C-0E30-E6F8-46B9-21EF9CE7995D}" = CCC Help Korean
"{F79E3C41-5367-5ADA-5C18-4C9E91FD9852}" = Catalyst Control Center Localization Korean
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FEF74B44-EF2B-762C-3D69-4CA101E792B4}" = CCC Help Dutch
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_2755fefb5e3352ee2921713793bdbf8" = Adobe Director 11
"Alarm Master_is1" = Alarm Master v 4.23
"All ATI Software" = ATI - Software Uninstall Utility
"AllToAVI" = AllToAVI v4 r5394
"Alt.Binz" = Alt.Binz 0.25.0
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 2.0
"AutoGK" = Auto Gordian Knot 2.55
"AVG" = AVG 2013
"Avidemux 2.4" = Avidemux 2.4
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DivX Setup.divx.com" = DivX Setup
"DRM7Tool" = Personal License Update Wizard for Windows Media Player
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DvdCover+_is1" = DvdCover+ 2.1
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FileHippo.com" = FileHippo.com Update Checker
"FormatFactory" = FormatFactory 3.00
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"JCreator LE_is1" = JCreator LE 4.50
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.5
"LeechGet 2009_is1" = LeechGet 2009 Version 2.1
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MeGUI modern media encoder" = MeGUI modern media encoder (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.5.1
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MUSTEK 1200 UB v2.1" = MUSTEK 1200 UB v2.1
"Opera 11.64.1403" = Opera 11.64
"Opera 12.15.1748" = Opera 12.15
"Polipo" = Polipo 1.0.4.1
"RealAlt_is1" = Real Alternative 1.8.2
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SereneScreen Marine Aquarium Time_is1" = SereneScreen Marine Aquarium Time
"SMPlayer" = SMPlayer 0.8.5
"SopCast" = SopCast 2.0.4
"Source Edit_is1" = Source Edit 4.0
"STOPzilla" = STOPzilla!
"TextBridge Classic 2.0" = TextBridge Classic 2.0
"Tor" = Tor 0.2.1.25
"TVUPlayer" = TVUPlayer 2.4.1.0
"Veetle TV" = Veetle TV 0.9.18
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub v2.23 (Remove Only)
"VSO ConvertXtoDVD v5.0.0.45 FINAL5.0.0.45" = VSO ConvertXtoDVD v5.0.0.45 FINAL
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.7.1
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AbyssWebServer" = Abyss Web Server X1 (remove only)
"UnOfficial McAfee SiteAdvisor Widget" = UnOfficial McAfee SiteAdvisor Widget
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/07/2013 01:07:13 | Computer Name = USER-2A1DED054E | Source = Application Hang | ID = 1002
Description = Hanging application smplayer.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 22/07/2013 17:24:29 | Computer Name = USER-2A1DED054E | Source = Application Hang | ID = 1002
Description = Hanging application smplayer.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/07/2013 22:34:02 | Computer Name = USER-2A1DED054E | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in winamp.exe [2072]. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 02/08/2013 22:43:53 | Computer Name = USER-2A1DED054E | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #4000. Just-In-Time
debugging this exception failed with the following error: The process ID is invalid.
Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error - 30/08/2013 19:18:08 | Computer Name = USER-2A1DED054E | Source = Application Hang | ID = 1002
Description = Hanging application AutoMKV0984.exe, version 0.98.241.1222, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/09/2013 13:14:42 | Computer Name = USER-2A1DED054E | Source = ESENT | ID = 490
Description = svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 13/09/2013 13:14:43 | Computer Name = USER-2A1DED054E | Source = ESENT | ID = 490
Description = svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 13/09/2013 13:14:45 | Computer Name = USER-2A1DED054E | Source = ESENT | ID = 490
Description = svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 13/09/2013 13:14:47 | Computer Name = USER-2A1DED054E | Source = ESENT | ID = 490
Description = svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 13/09/2013 13:14:48 | Computer Name = USER-2A1DED054E | Source = ESENT | ID = 490
Description = svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 12/10/2013 18:45:43 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {B20E899D-B079-479D-A4DC-10F758D9CD9A}

Error - 12/10/2013 18:48:35 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {B20E899D-B079-479D-A4DC-10F758D9CD9A}

Error - 12/10/2013 18:55:53 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 12/10/2013 19:37:19 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 12/10/2013 19:59:21 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 12/10/2013 20:00:16 | Computer Name = USER-2A1DED054E | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 12/10/2013 20:01:03 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ImapiService
with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}

Error - 12/10/2013 20:01:38 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 12/10/2013 20:03:49 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 12/10/2013 20:27:04 | Computer Name = USER-2A1DED054E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


< End of report >


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,184 posts
Hello arclight,

Sorry for the delay.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
arclight

    Member

  • Member
  • 176 posts
Hi, thanks for the help, here are the logs as requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by user (administrator) on USER-2A1DED054E on 19-10-2013 23:12:15
Running from H:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Lexmark International Inc.) C:\Program Files\Lexmark Z2300 Series\ezprint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(COMODO) C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [lxdpmon.exe] - C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe [656040 2008-03-27] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Z2300 Series\ezprint.exe [107176 2008-03-27] (Lexmark International Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKCU\...\Policies\Explorer: [NoLogOff] 0
HKU\JMC\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-09-08] (Google Inc.)
HKU\JMC\...\Run: [DWQueuedReporting] - c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [ 2007-02-26] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\guard32.dll [ 2012-11-08] (COMODO)
BootExecute: autocheck autochk * lsdeleteC:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
Toolbar: HKCU -&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.belfa.../WhlCompMgr.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: [NameServer]8.26.56.26,156.154.70.22

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Old Location Bar - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\Extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
FF Extension: Torbutton - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF Extension: No Name - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

========================== Services (Whitelisted) =================

S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-03-12] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
S3 DMService; C:\WINDOWS\DOWNLO~1\DMService.exe [423576 2008-04-06] (Whale Communications, a Microsoft subsidiary)
S4 lxdpCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [98984 2008-02-27] (Lexmark International, Inc.)
S4 lxdp_device; C:\WINDOWS\system32\lxdpcoms.exe [594600 2008-02-27] ( )
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 msvsmon80; c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S4 STOPzilla Local Service; C:\Program Files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" [x]

==================== Drivers (Whitelisted) ====================

S3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [404736 2003-08-14] (Sensaura Ltd)
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [497952 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [32640 2012-11-08] (COMODO)
S3 CO_Mon; C:\WINDOWS\system32\Drivers\CO_Mon.sys [28672 2007-09-13] ()
R0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [99080 2012-11-08] (COMODO)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 S6U12BScanner; C:\Windows\System32\drivers\usbscan.sys [15104 2008-04-14] (Microsoft Corporation)
S3 CrucialSMBusScan; \??\C:\DOCUME~1\user\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys [x]
S4 IntelIde; No ImagePath
S3 kardelia; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S0 szkg; system32\DRIVERS\szkg.sys [x]
U3 TlntSvr;
S3 uti1mtkw; \??\C:\WINDOWS\system32\Drivers\uti1mtkw.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-19 23:10 - 2013-10-19 23:10 - 00000000 ____D C:\FRST
2013-10-10 06:41 - 2013-10-10 06:42 - 00006352 _____ C:\WINDOWS\KB2847311.log
2013-10-09 20:57 - 2013-10-09 20:57 - 00000000 __SHD C:\found.015
2013-09-23 01:06 - 2013-09-23 01:06 - 00001118 _____ C:\Documents and Settings\user\Desktop\SMPlayer2.lnk
2013-09-23 01:06 - 2013-09-23 01:06 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\SMPlayer2
2013-09-23 01:04 - 2013-10-06 06:29 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\SMPlayer2
2013-09-23 00:27 - 2013-09-23 00:27 - 00000754 _____ C:\WINDOWS\WORDPAD.INI

==================== One Month Modified Files and Folders =======

2013-10-19 23:10 - 2013-10-19 23:10 - 00000000 ____D C:\FRST
2013-10-19 22:52 - 2012-04-06 14:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-19 22:41 - 2011-05-02 15:41 - 00000000 ____D C:\Documents and Settings\user\Desktop\safari
2013-10-19 21:34 - 2007-09-04 21:59 - 01050829 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-19 20:37 - 2013-02-03 11:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-10-19 20:30 - 2007-09-04 22:44 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-19 20:30 - 2007-09-04 22:44 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-19 20:30 - 2007-09-04 22:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-19 08:30 - 2007-09-04 22:07 - 00000278 ___SH C:\Documents and Settings\user\ntuser.ini
2013-10-19 08:30 - 2007-09-04 22:06 - 00032616 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-19 07:25 - 2007-10-31 18:15 - 00000000 ____D C:\Documents and Settings\user\.smplayer
2013-10-16 04:02 - 2011-09-04 23:16 - 00000000 ____D C:\Documents and Settings\user\Application Data\mIRC
2013-10-13 00:49 - 2007-09-14 14:56 - 00000000 ____D C:\WINDOWS\Sun
2013-10-12 23:28 - 2011-05-03 20:51 - 00000178 ___SH C:\Documents and Settings\JMC\ntuser.ini
2013-10-12 23:28 - 2011-05-03 20:51 - 00000000 ____D C:\Documents and Settings\JMC
2013-10-10 06:42 - 2013-10-10 06:41 - 00006352 _____ C:\WINDOWS\KB2847311.log
2013-10-09 21:53 - 2012-04-06 14:34 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 21:53 - 2011-06-03 21:15 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 20:57 - 2013-10-09 20:57 - 00000000 __SHD C:\found.015
2013-10-06 22:19 - 2006-02-28 13:00 - 00001374 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-06 06:29 - 2013-09-23 01:04 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\SMPlayer2
2013-09-30 20:14 - 2011-05-03 01:21 - 00907380 _____ C:\WINDOWS\setupapi.log
2013-09-23 23:53 - 2013-06-29 01:55 - 00000000 ____D C:\Program Files\SMPlayer2
2013-09-23 01:06 - 2013-09-23 01:06 - 00001118 _____ C:\Documents and Settings\user\Desktop\SMPlayer2.lnk
2013-09-23 01:06 - 2013-09-23 01:06 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\SMPlayer2
2013-09-23 00:27 - 2013-09-23 00:27 - 00000754 _____ C:\WINDOWS\WORDPAD.INI

ZeroAccess:
C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}
C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\@

Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\temp\7zDec.exe
C:\Documents and Settings\user\Local Settings\temp\AskPIP_FF_.exe
C:\Documents and Settings\user\Local Settings\temp\install_reader11_uk_chrd_aih.exe
C:\Documents and Settings\user\Local Settings\temp\VSUSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013
Ran by user at 2013-10-19 23:26:54
Running from H:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
Could not list Security Center items. Check WMI.


==================== Installed Programs ======================

Abyss Web Server X1 (remove only)
AC3Filter 1.63b (Version: 1.63b)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Director 11 (Version: 11)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Alarm Master v 4.23
AllToAVI v4 r5394 (Version: v4 r5394)
Alt.Binz 0.25.0 (Version: 0.25.0)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
ATI - Software Uninstall Utility (Version: 6.14.10.1021)
ATI AVIVO Codecs (Version: 9.15.0.20713)
ATI Catalyst Control Center (Version: 2.008.0312.1658)
ATI Display Driver (Version: 8.474-080312a-061689C-ATI)
ATI Parental Control & Encoder (Version: 3.0)
Audacity 2.0
Auto Gordian Knot 2.55 (Version: 2.55)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
Avidemux 2.4 (Version: 2.4.3.4276)
Avidemux 2.5 (Version: 2.5.2.5660)
AviSynth 2.5
Blaze Media Pro (Version: 6.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Full Existing (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Full New (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Light (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Previews Common (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Czech (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Danish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Dutch (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Finnish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization French (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization German (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Greek (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Hungarian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Italian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Japanese (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Korean (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Norwegian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Polish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Portuguese (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Russian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Spanish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Swedish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Thai (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Turkish (Version: 2008.0312.1659.28426)
CCC Help Chinese Standard (Version: 2008.0312.1658.28426)
CCC Help Chinese Traditional (Version: 2008.0312.1658.28426)
CCC Help Czech (Version: 2008.0312.1658.28426)
CCC Help Danish (Version: 2008.0312.1658.28426)
CCC Help Dutch (Version: 2008.0312.1658.28426)
CCC Help English (Version: 2008.0312.1658.28426)
CCC Help Finnish (Version: 2008.0312.1658.28426)
CCC Help French (Version: 2008.0312.1658.28426)
CCC Help German (Version: 2008.0312.1658.28426)
CCC Help Greek (Version: 2008.0312.1658.28426)
CCC Help Hungarian (Version: 2008.0312.1658.28426)
CCC Help Italian (Version: 2008.0312.1658.28426)
CCC Help Japanese (Version: 2008.0312.1658.28426)
CCC Help Korean (Version: 2008.0312.1658.28426)
CCC Help Norwegian (Version: 2008.0312.1658.28426)
CCC Help Polish (Version: 2008.0312.1658.28426)
CCC Help Portuguese (Version: 2008.0312.1658.28426)
CCC Help Russian (Version: 2008.0312.1658.28426)
CCC Help Spanish (Version: 2008.0312.1658.28426)
CCC Help Swedish (Version: 2008.0312.1658.28426)
CCC Help Thai (Version: 2008.0312.1658.28426)
CCC Help Turkish (Version: 2008.0312.1658.28426)
ccc-core-preinstall (Version: 2008.0312.1659.28426)
ccc-core-static (Version: 2008.0312.1659.28426)
ccc-utility (Version: 2008.0312.1659.28426)
COMODO Internet Security (Version: 5.4.58750.1355)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CoreAAC Audio Decoder (remove only)
Debugging Tools for Windows (Version: 6.8.4.0)
DivX Setup (Version: 2.5.0.15)
DivxToDVD 0.5.2b (Version: 0.5.2b)
DVD Decrypter (Remove Only)
DvdCover+ 2.1
eMusic - 50 Free MP3 offer
ERUNT 1.1j
ESET Online Scanner v3
ffdshow [rev 3299] [2010-03-03] (Version: 1.0.0.3299)
FileHippo.com Update Checker
FormatFactory 3.00 (Version: 3.00)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
HJ-Split 2.2 (Version: 2.2)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
ImgBurn (Version: 2.5.8.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JCreator LE 4.50
K-Lite Mega Codec Pack 9.9.5 (Version: 9.9.5)
KnowledgeWright 4.3.2 (Version: 4.03.0002)
LeechGet 2009 Version 2.1
Lexmark Z2300 Series
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MeGUI modern media encoder (remove only) (Version: 0.3.1.1014)
Microsoft .NET Compact Framework 1.0 SP3 Developer (Version: 1.0.4292)
Microsoft .NET Compact Framework 2.0 (Version: 2.0.5238)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30730)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30730)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30730)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Device Emulator version 1.0 - ENU (Version: 1.0.50727.42)
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005 (Version: 8.0.50727.42)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft PrintForm Component 1.0 (Version: 1.0.0)
Microsoft Publisher 2002 (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.00.1399.06)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (Version: 3.0.0.0)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visio Viewer 2010 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU (Version: 8.0.50727.42)
Microsoft Works 6.0 (Version: 06.00.1829)
mIRC (Version: 7.19)
mkv2vob (Version: 2.4.5)
MKVtoolnix 2.5.1 (Version: 2.5.1)
Mozilla Firefox 18.0.2 (x86 en-US) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 12.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MUSTEK 1200 UB v2.1
Nero 7 Essentials (Version: 7.01.8956)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 11.64 (Version: 11.64.1403)
Opera 12.15 (Version: 12.15.1748)
Personal License Update Wizard for Windows Media Player
Polipo 1.0.4.1
PowerDVD
QuickTime (Version: 7.69.80.9)
RAR Password Recovery v1.1 RC17 (remove only)
Real Alternative 1.8.2 (Version: 1.8.2)
Realtek AC'97 Audio (Version: 5.36)
Revo Uninstaller 1.94 (Version: 1.94)
Rootkit Unhooker LE 3.8 SR 1
Secunia PSI (2.0.0.3003)
SereneScreen Marine Aquarium Time (Version: 1.1.2)
Skins (Version: 2008.0312.1659.28426)
SMPlayer 0.8.5 (Version: 0.8.5)
SopCast 2.0.4 (Version: 2.0.4)
Source Edit 4.0
Spybot - Search & Destroy (Version: 1.6.2)
STOPzilla! (Version: )
STOPzilla! (Version: 3.1.0.7)
swMSM (Version: 12.0.0.1)
TextBridge Classic 2.0
Tor 0.2.1.25
TVUPlayer 2.4.1.0 (Version: 2.4.1.0)
UnOfficial McAfee SiteAdvisor Widget
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
v2011.build.46 (Version: v2011.build.46)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Vidalia 0.2.7
VLC media player 0.9.8a (Version: 0.9.8a)
VobSub v2.23 (Remove Only)
VSO ConvertXtoDVD v5.0.0.45 FINAL (Version: 5.0.0.45)
WebFldrs XP (Version: 9.50.7523)
Whale Communications' Client Components v3.7.1
Winamp (Version: 5.62 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Xilisoft AVI to DVD Converter (Version: 3.0.36.0314)
XMedia Recode version 3.1.7.2 (Version: 3.1.7.2)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.2 final uninstall (Version: 1.2)

==================== Restore Points =========================

27-08-2013 20:23:44 System Checkpoint
29-08-2013 17:51:04 System Checkpoint
01-09-2013 02:38:31 System Checkpoint
02-09-2013 03:25:37 System Checkpoint
03-09-2013 04:22:57 System Checkpoint
04-09-2013 21:09:15 System Checkpoint
06-09-2013 00:51:09 System Checkpoint
07-09-2013 01:49:59 System Checkpoint
08-09-2013 17:47:23 System Checkpoint
10-09-2013 04:13:36 System Checkpoint
12-09-2013 21:09:38 System Checkpoint
14-09-2013 04:21:40 System Checkpoint
16-09-2013 18:46:13 System Checkpoint
18-09-2013 00:15:19 System Checkpoint
19-09-2013 18:03:07 System Checkpoint
20-09-2013 19:39:02 System Checkpoint
22-09-2013 00:52:57 System Checkpoint
23-09-2013 17:43:07 System Checkpoint
25-09-2013 18:07:23 System Checkpoint
26-09-2013 19:19:38 System Checkpoint
27-09-2013 22:21:06 System Checkpoint
29-09-2013 21:25:18 System Checkpoint
01-10-2013 07:51:22 System Checkpoint
02-10-2013 23:10:55 System Checkpoint
03-10-2013 23:12:51 System Checkpoint
05-10-2013 01:20:14 System Checkpoint
06-10-2013 21:55:42 System Checkpoint
08-10-2013 01:00:48 System Checkpoint
09-10-2013 01:24:32 System Checkpoint
10-10-2013 02:08:15 System Checkpoint
11-10-2013 03:28:44 System Checkpoint
12-10-2013 06:08:02 System Checkpoint
13-10-2013 15:18:43 System Checkpoint
14-10-2013 18:31:58 System Checkpoint
15-10-2013 20:32:18 System Checkpoint
16-10-2013 22:02:10 System Checkpoint
17-10-2013 23:23:01 System Checkpoint
19-10-2013 21:07:29 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 13:00 - 2011-07-02 20:54 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-09-07 20:28 - 2008-02-26 23:05 - 00115200 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdpdrpp.dll
2007-09-07 01:17 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2003-09-04 10:50 - 2003-09-04 10:50 - 00088064 _____ () C:\Program Files\LeechGet 2009\ShellExtension.dll
2013-07-08 19:45 - 2013-05-26 15:36 - 06765568 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avcodec-ics-55.dll
2013-07-08 19:45 - 2013-05-26 15:36 - 00217088 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avutil-ics-52.dll
2013-07-08 19:45 - 2013-05-26 15:36 - 00827904 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\avformat-ics-55.dll
2013-07-08 19:45 - 2013-05-26 15:36 - 00380416 _____ () C:\Program Files\K-Lite Codec Pack\Icaros\swscale-ics-2.dll
2011-09-07 20:27 - 2007-08-08 17:55 - 00364544 _____ () C:\Program Files\Lexmark Z2300 Series\iptk.dll
2004-08-04 13:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 13:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
2011-12-12 23:58 - 2013-06-22 03:46 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00062976 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
2011-07-02 22:39 - 2013-06-22 03:46 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00410624 _____ () C:\Program Files\Winamp\nsutil.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00078848 _____ () C:\Program Files\Winamp\nde.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00023040 _____ () C:\Program Files\Winamp\System\albumart.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00174080 _____ () C:\Program Files\Winamp\System\auth.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00019456 _____ () C:\Program Files\Winamp\System\bmp.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00047616 _____ () C:\Program Files\Winamp\zlib.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00044544 _____ () C:\Program Files\Winamp\System\devices.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00016896 _____ () C:\Program Files\Winamp\System\dlmgr.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00014336 _____ () C:\Program Files\Winamp\System\filereader.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00019456 _____ () C:\Program Files\Winamp\System\gif.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00016384 _____ () C:\Program Files\Winamp\System\gracenote.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00623616 _____ () C:\Program Files\Winamp\System\jnetlib.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00154624 _____ () C:\Program Files\Winamp\System\jpeg.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00084480 _____ () C:\Program Files\Winamp\System\playlist.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00103936 _____ () C:\Program Files\Winamp\System\png.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00013824 _____ () C:\Program Files\Winamp\System\primo.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00021504 _____ () C:\Program Files\Winamp\System\tagz.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00035328 _____ () C:\Program Files\Winamp\System\timer.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00090112 _____ () C:\Program Files\Winamp\System\xml.w5s
2011-06-30 19:30 - 2011-07-02 23:55 - 00068608 _____ () C:\Program Files\Winamp\Plugins\in_avi.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00102400 _____ () C:\Program Files\Winamp\Plugins\in_cdda.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00072192 _____ () C:\Program Files\Winamp\Plugins\in_dshow.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00060928 _____ () C:\Program Files\Winamp\Plugins\in_flac.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00043008 _____ () C:\Program Files\Winamp\Plugins\in_flv.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00007168 _____ () C:\Program Files\Winamp\Plugins\in_linein.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00109568 _____ () C:\Program Files\Winamp\Plugins\in_midi.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00049152 _____ () C:\Program Files\Winamp\Plugins\in_mkv.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00165376 _____ () C:\Program Files\Winamp\Plugins\in_mod.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00285696 _____ () C:\Program Files\Winamp\Plugins\in_mp3.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00050688 _____ () C:\Program Files\Winamp\Plugins\in_mp4.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00074752 _____ () C:\Program Files\Winamp\Plugins\in_nsv.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00023552 _____ () C:\Program Files\Winamp\Plugins\in_swf.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00252416 _____ () C:\Program Files\Winamp\Plugins\in_vorbis.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00016896 _____ () C:\Program Files\Winamp\Plugins\in_wave.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00253440 _____ () C:\Program Files\Winamp\libsndfile.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00313344 _____ () C:\Program Files\Winamp\Plugins\in_wm.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00022528 _____ () C:\Program Files\Winamp\Plugins\out_disk.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00052224 _____ () C:\Program Files\Winamp\Plugins\out_ds.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00018432 _____ () C:\Program Files\Winamp\Plugins\out_wave.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 01737728 _____ () C:\Program Files\Winamp\Plugins\gen_ff.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00083968 _____ () C:\Program Files\Winamp\tataki.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00027648 _____ () C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
2010-11-10 18:29 - 2011-07-02 23:55 - 00183808 _____ () C:\Program Files\Winamp\Plugins\gen_jumpex.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00312832 _____ () C:\Program Files\Winamp\Plugins\gen_ml.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00293376 _____ () C:\Program Files\Winamp\Plugins\ml_local.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00082944 _____ () C:\Program Files\Winamp\Plugins\ml_playlists.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00125440 _____ () C:\Program Files\Winamp\Plugins\ml_online.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00250368 _____ () C:\Program Files\Winamp\Plugins\ml_devices.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00200704 _____ () C:\Program Files\Winamp\Plugins\ml_disc.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00241152 _____ () C:\Program Files\Winamp\Plugins\ml_pmp.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00060928 _____ () C:\Program Files\Winamp\Plugins\pmp_android.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00170496 _____ () C:\Program Files\Winamp\Plugins\pmp_ipod.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00020480 _____ () C:\Program Files\Winamp\Plugins\pmp_njb.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00118272 _____ () C:\Program Files\Winamp\Plugins\pmp_p4s.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00053760 _____ () C:\Program Files\Winamp\Plugins\pmp_usb.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00113152 _____ () C:\Program Files\Winamp\Plugins\pmp_wifi.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00027648 _____ () C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00052224 _____ () C:\Program Files\Winamp\Plugins\ml_history.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00028672 _____ () C:\Program Files\Winamp\Plugins\ml_autotag.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00057344 _____ () C:\Program Files\Winamp\Plugins\ml_impex.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00083456 _____ () C:\Program Files\Winamp\Plugins\ml_plg.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00033792 _____ () C:\Program Files\Winamp\Plugins\ml_rg.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00031744 _____ () C:\Program Files\Winamp\Plugins\ml_transcode.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00057344 _____ () C:\Program Files\Winamp\Plugins\gen_orgler.dll
2011-06-30 19:30 - 2011-07-02 23:55 - 00025600 _____ () C:\Program Files\Winamp\Plugins\gen_tray.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

==================== Faulty Device Manager Devices =============

Name: szkg
Description: szkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: szkg
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2013 06:14:48 PM) (Source: ESENT) (User: )
Description: svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2013 06:14:47 PM) (Source: ESENT) (User: )
Description: svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2013 06:14:45 PM) (Source: ESENT) (User: )
Description: svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2013 06:14:43 PM) (Source: ESENT) (User: )
Description: svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2013 06:14:42 PM) (Source: ESENT) (User: )
Description: svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/31/2013 00:18:08 AM) (Source: Application Hang) (User: )
Description: Hanging application AutoMKV0984.exe, version 0.98.241.1222, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/03/2013 03:43:53 AM) (Source: VsJITDebugger) (User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #4000. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (08/01/2013 03:34:02 AM) (Source: VsJITDebugger) (User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in winamp.exe [2072]. Just-In-Time debugging this exception failed with the following error: The remote procedure call failed.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (07/22/2013 10:24:29 PM) (Source: Application Hang) (User: )
Description: Hanging application smplayer.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/08/2013 06:07:13 AM) (Source: Application Hang) (User: )
Description: Hanging application smplayer.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (10/19/2013 09:07:29 PM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service ImapiService with arguments "-Service"
in order to run the server:
{520CCA63-51A5-11D3-9144-00104BA11C5E}

Error: (10/19/2013 08:58:51 PM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/19/2013 06:48:11 AM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/19/2013 06:42:25 AM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service ImapiService with arguments "-Service"
in order to run the server:
{520CCA63-51A5-11D3-9144-00104BA11C5E}

Error: (10/19/2013 00:29:57 AM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service ImapiService with arguments "-Service"
in order to run the server:
{520CCA63-51A5-11D3-9144-00104BA11C5E}

Error: (10/19/2013 00:20:51 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/18/2013 11:55:51 PM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/18/2013 10:55:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/18/2013 07:29:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK7
AVGIDSDriver
AVGIDSShim
Avgldx86
cmdGuard
Fips

Error: (10/18/2013 07:29:26 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (09/13/2013 06:14:48 PM) (Source: ESENT)(User: )
Description: svchost1244C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (09/13/2013 06:14:47 PM) (Source: ESENT)(User: )
Description: svchost1244C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (09/13/2013 06:14:45 PM) (Source: ESENT)(User: )
Description: svchost1244C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (09/13/2013 06:14:43 PM) (Source: ESENT)(User: )
Description: svchost1244C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (09/13/2013 06:14:42 PM) (Source: ESENT)(User: )
Description: svchost1244C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/31/2013 00:18:08 AM) (Source: Application Hang)(User: )
Description: AutoMKV0984.exe0.98.241.1222hungapp0.0.0.000000000

Error: (08/03/2013 03:43:53 AM) (Source: VsJITDebugger)(User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in process #4000. Just-In-Time debugging this exception failed with the following error: The process ID is invalid.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (08/01/2013 03:34:02 AM) (Source: VsJITDebugger)(User: USER-2A1DED054E)
Description: An unhandled win32 exception occurred in winamp.exe [2072]. Just-In-Time debugging this exception failed with the following error: The remote procedure call failed.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (07/22/2013 10:24:29 PM) (Source: Application Hang)(User: )
Description: smplayer.exe0.0.0.0hungapp0.0.0.000000000

Error: (07/08/2013 06:07:13 AM) (Source: Application Hang)(User: )
Description: smplayer.exe0.0.0.0hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 83%
Total physical RAM: 511.48 MB
Available physical RAM: 83.37 MB
Total Pagefile: 1248.13 MB
Available Pagefile: 449.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:38.33 GB) (Free:8.07 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive h: (SCSI1_VOL1) (Fixed) (Total:74.53 GB) (Free:7.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 38 GB) (Disk ID: 3B357253)
Partition 1: (Active) - (Size=38 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 75 GB) (Disk ID: 371448BD)
Partition 1: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================
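The "Event log errors" section of the FRST log above is worth reading rather than skimming: the ESENT entries are svchost failing to open the CatRoot2 catalog database because another process holds it (system error 32, a sharing violation), and the DCOM "%%1058" entries mean a COM activation tried to start a service that is disabled. The script below, added here as a worked example (it is not FRST, ComboFix or forum code), parses that section in the layout FRST prints, decodes the Win32 codes it carries using their winerror.h names, and checks the DCOM failures against the msconfig\services registry key that ComboFix dumps later in this thread; msconfig records every service it has disabled under that key together with the service's original start type. Both ImapiService and MDM appear there, which is why DCOM cannot start them. The sample records are copied from the posted log, abridged to one of each kind; the msconfig lines are copied from the ComboFix output in a later post.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# winerror.h names for the codes that occur in the posted log.
WIN32_ERRORS = {
    31: "ERROR_GEN_FAILURE",             # SCM: dependency failed (%%31)
    32: "ERROR_SHARING_VIOLATION",       # ESENT: catdb already open elsewhere
    1058: "ERROR_SERVICE_DISABLED",      # DCOM: activation of a disabled service
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",  # DCOM: service may not start in Safe Mode
}
HEADER_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) ?\(User: (?P<user>[^)]*)\)$"
)
CODE_RE = re.compile(r"%%(\d+)|system error (\d+)")
SERVICE_RE = re.compile(r"start the service (\S+)")
# ComboFix dumps HKLM\...\Shared Tools\MSConfig\services as "Name"=<original start type> (0x..)
MSCONFIG_RE = re.compile(r'^"(?P<svc>[^"]+)"=(?P<start>\d) \(0x[0-9A-Fa-f]+\)$')

@dataclass
class EventError:
    when: str
    source: str
    user: str
    description: str = ""
    codes: List[int] = field(default_factory=list)
    service: Optional[str] = None  # service named in a DCOM "start the service X" message

    def decoded(self) -> List[str]:
        return [WIN32_ERRORS.get(c, f"unknown Win32 error {c}") for c in self.codes]

def parse_event_errors(text: str) -> List[EventError]:
    """One record per 'Error: (...)' header; a blank line closes it, so multi-line
    descriptions (driver lists, DCOM CLSIDs) are folded into one string."""
    events: List[EventError] = []
    current: Optional[EventError] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = EventError(m["when"], m["source"], m["user"].strip())
            events.append(current)
        elif current is None:
            continue
        elif line == "":
            current = None
        else:
            body = line[len("Description: "):] if line.startswith("Description: ") else line
            current.description = f"{current.description} {body}".strip()
    for ev in events:
        ev.codes = [int(a or b) for a, b in CODE_RE.findall(ev.description)]
        hit = SERVICE_RE.search(ev.description)
        ev.service = hit.group(1) if hit else None
    return events

def parse_msconfig_services(text: str) -> Dict[str, int]:
    """Service name -> the start type it had before msconfig set it to disabled."""
    out: Dict[str, int] = {}
    for line in text.splitlines():
        m = MSCONFIG_RE.match(line.strip())
        if m:
            out[m["svc"]] = int(m["start"])
    return out

def explain_disabled_services(events: List[EventError], msconfig: Dict[str, int]) -> Dict[str, bool]:
    """For each DCOM ERROR_SERVICE_DISABLED record: True when msconfig is the reason."""
    return {ev.service: ev.service in msconfig
            for ev in events if ev.source == "DCOM" and 1058 in ev.codes and ev.service}

# Records copied from the FRST log above, abridged to one of each kind.
SAMPLE_EVENTS = r"""
Error: (09/13/2013 06:14:48 PM) (Source: ESENT) (User: )
Description: svchost (1244) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/19/2013 09:07:29 PM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service ImapiService with arguments "-Service"
in order to run the server:
{520CCA63-51A5-11D3-9144-00104BA11C5E}

Error: (10/19/2013 08:58:51 PM) (Source: DCOM) (User: USER-2A1DED054E)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/18/2013 07:29:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK7
AVGIDSDriver
"""
# The msconfig\services key as ComboFix prints it later in this thread (name = original start type).
SAMPLE_MSCONFIG = '"MDM"=2 (0x2)\n"ImapiService"=3 (0x3)\n'

if __name__ == "__main__":
    evs = parse_event_errors(SAMPLE_EVENTS)
    for ev in evs:
        print(f"{ev.when}  {ev.source:<24} {', '.join(ev.decoded()) or '-'}  {ev.service or ''}")
    print("disabled via msconfig:", explain_disabled_services(evs, parse_msconfig_services(SAMPLE_MSCONFIG)))
```

Run it and the two DCOM records decode to ERROR_SERVICE_DISABLED with msconfig flagged as the cause for both services; the ESENT sharing violation and the SCM driver-load failure are decoded but not tied to any service. None of these four kinds of record is, by itself, evidence of infection, which is why the helper's fixlist in the next post targets the Temp-resident service and the GUID folder instead.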

#4 emeraldnzl (GeekU Instructor, GeekU Moderator, 17,184 posts)

Hello arclight,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Next

Disable AVG as it will interfere with the next tool we want to use. It's possible that even this won't be enough and you may have to uninstall it temporarily.

You used to be able to disable AVG's Resident Shield as follows. Hopefully that still works.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Step 2

Please also turn off Comodo as it will interfere with the fix we want to carry out.

Most likely this can be done by a double click on the Shield Icon

Click each monitor (left hand side) separately and turn them off - see Turn On and Turn Off check items in the task bar above the Component list.

After that

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached Files

#5 arclight (Member, 176 posts)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
Ran by user at 2013-10-20 01:39:43 Run:1
Running from H:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S3 CrucialSMBusScan; \??\C:\DOCUME~1\user\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys [x]
C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}
C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\@

*****************

CrucialSMBusScan => Service deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393} => Moved successfully.
"C:\Documents and Settings\user\Local Settings\Application Data\{7212e2db-086c-070c-2a7c-83a0867dd393}\@" => File/Directory not found.

==== End of Fixlog ====
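The fixlist above targets two things FRST had surfaced: a service (CrucialSMBusScan) whose driver was registered from the user's Temp directory and whose file is already gone, shown by the trailing [x], and a GUID-named folder under Local Settings\Application Data. The script below, added as a worked example and not FRST's or ComboFix's own code, reads the service and driver lines that both tools print (FRST's "S3 name; path [x]" shape and ComboFix's "R0 name;description;path [date size]" shape, both of which appear in this thread) and applies the same checks by hand: a binary registered from Temp, the user profile or Downloaded Program Files; an orphaned entry whose file no longer exists; and an entry the tool could not verify ([?]). The sample lines are copied from this thread's logs; the list of untrusted directories is my own choice, and the 8.3 short names (DOCUME~1, DOWNLO~1) are included because that is how they appear in the logs.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Both tools print one service/driver per line:
#   <R|S><start type> <name>;[<description>;]<image path> [<timestamp size> | x | ?]
# R = running, S = stopped; start type 0-4 = boot/system/auto/demand/disabled;
# "[x]" means the registered file does not exist, "[?]" that it could not be verified.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);"
    r"(?:(?P<desc>[^;]*);)?"        # ComboFix prints a description field, FRST does not
    r"\s*(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Directories a kernel driver or system service should never be registered from
# (my own list, matched against the lower-cased path; 8.3 short names from the log included).
UNTRUSTED_DIRS = (
    "\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\users\\",
    "\\downlo~1\\", "\\downloaded program files\\", "\\recycler\\",
)

@dataclass
class ServiceEntry:
    raw: str
    name: str
    state: str            # "R" or "S"
    start: int
    description: str
    image: str            # normalised: no \??\ prefix, no "-->" resolved copy, lower-case
    file_missing: bool    # tool printed [x]
    unverified: bool      # tool printed [?]

def normalise_path(image: str) -> str:
    image = image.split("-->", 1)[0].strip()   # ComboFix appends "--> <resolved path>"
    if image.startswith("\\??\\"):             # NT object-manager prefix used for drivers
        image = image[4:]
    return image.lower()

def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    info = m["info"].strip()
    return ServiceEntry(
        raw=line.strip(), name=m["name"].strip(), state=m["state"], start=int(m["start"]),
        description=(m["desc"] or "").strip(), image=normalise_path(m["image"]),
        file_missing=(info == "x"), unverified=(info == "?"),
    )

def audit(entry: ServiceEntry) -> List[str]:
    """Reasons this entry deserves a second look; an empty list means nothing notable."""
    reasons = []
    if any(d in entry.image for d in UNTRUSTED_DIRS):
        reasons.append(f"image under user-writable path: {entry.image}")
    if entry.file_missing:
        reasons.append("registered binary no longer exists (orphan)")
    if entry.unverified:
        reasons.append("tool could not verify the binary")
    if entry.file_missing and entry.start <= 1:
        reasons.append(f"{START_TYPE[entry.start]}-start driver with no file: SCM logs a load failure each boot")
    return reasons

def triage(lines) -> Dict[str, List[str]]:
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry and (reasons := audit(entry)):
            findings[entry.name] = reasons
    return findings

# Lines copied from the FRST fixlist and the ComboFix output posted in this thread.
SAMPLE_LINES = r"""
S3 CrucialSMBusScan; \??\C:\DOCUME~1\user\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys [x]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 04:48 60216]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [02/05/2011 21:36 497952]
S3 kardelia;Rootkit Unhooker Driver; [x]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 15:25 423576]
S3 uti1mtkw;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti1mtkw.sys --> c:\windows\system32\Drivers\uti1mtkw.sys [?]
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

CrucialSMBusScan comes out with two findings (Temp-resident image and orphaned), which matches what the helper chose to remove; kardelia and uti1mtkw are leftovers of earlier rootkit scanners and DMService loads from Downloaded Program Files, all worth a look but not proof of anything. The AVG and Comodo drivers produce no findings. Treat the output as a review list, not a fixlist: the Fixlog above shows the helper deleting a service by name and moving a folder, and that decision should stay with a person who has seen the whole log.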

#6 emeraldnzl (GeekU Instructor, GeekU Moderator, 17,184 posts)

Hello arclight,

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications including Comodo as before. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 arclight (Member, 176 posts)

I had AVG disabled but it kept saying it was running. Avira was uninstalled and replaced with AVG some time ago; I'm not sure why that came up.

I also received a message when I turned Comodo Defense+ back on saying that C:\Combofix\sed.3xe wanted to access the Winamp COM interface. Is this normal?

ComboFix 13-10-19.02 - user 20/10/2013 19:54:32.20.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.232 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\EventSystem.log
c:\windows\system32\ghspln2.log
c:\windows\system32\PowerToyReadme.htm
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-09-20 to 2013-10-20 )))))))))))))))))))))))))))))))
.
.
2013-10-19 22:10 . 2013-10-19 22:10 -------- d-----w- C:\FRST
2013-10-09 19:57 . 2013-10-09 19:57 -------- d-----w- C:\found.015
2013-09-26 18:00 . 2013-09-26 18:00 208760 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-26 18:00 . 2013-09-26 18:00 208760 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-23 00:04 . 2013-10-06 05:29 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\SMPlayer2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 20:53 . 2012-04-06 13:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 20:53 . 2011-06-03 20:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 00:34 . 2012-09-21 03:45 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 00:43 . 2012-09-14 03:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-08-03 03:42 . 2013-08-03 03:42 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2013-08-03 16:58 . 2013-08-03 16:58 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Firewall\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^_uninst_setup_9.0.0.722_02.05.2011_21-33.exe.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\_uninst_setup_9.0.0.722_02.05.2011_21-33.exe.lnk
backup=c:\windows\pss\_uninst_setup_9.0.0.722_02.05.2011_21-33.exe.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2008-03-12 21:07 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2008-03-27 02:15 107176 ----a-w- c:\program files\Lexmark Z2300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 11:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpmon.exe]
2008-03-27 02:15 656040 ----a-w- c:\program files\Lexmark Z2300 Series\lxdpmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-07-10 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]
2008-04-14 04:42 67584 ----a-w- c:\windows\system32\srclient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 12:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 06:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MDM"=2 (0x2)
"lxdp_device"=2 (0x2)
"lxdpCATSCustConnectService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"SBCSSvc"=2 (0x2)
"aawservice"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ImapiService"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpwbgw.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 04:48 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 04:05 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 14:02 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 04:45 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 04:30 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 04:46 182072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [02/05/2011 21:36 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [02/05/2011 21:36 32640]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19/04/2011 07:44 399416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 15:25 423576]
S3 kardelia;Rootkit Unhooker Driver; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 09:30 15544]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 02:54 15104]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19/04/2011 07:44 993848]
S3 uti1mtkw;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti1mtkw.sys --> c:\windows\system32\Drivers\uti1mtkw.sys [?]
S4 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
S4 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [07/09/2011 20:28 98984]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 08:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" --> c:\program files\STOPzilla!\szntsvc.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{2E48C6C8-C493-4C95-98E0-262A57C9830D}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - ExtSQL: !HIDDEN! 2009-12-07 05:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-aawservice
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SBCSTray - c:\program files\Sunbelt Software\CounterSpy\SBCSTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-20 20:23
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(772)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-10-20 20:33:55
ComboFix-quarantined-files.txt 2013-10-20 19:33
.
Pre-Run: 8,570,486,784 bytes free
Post-Run: 8,567,025,664 bytes free
.
- - End Of File - - 7C09216C883AC151115578CD8DBCB840
8F558EB6672622401DA993E1E865C861

Edited by arclight, 20 October 2013 - 02:51 PM.


#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,184 posts

I had AVG disabled but it kept saying it was running.


Yes, most of the AVs nowadays work very deep down and still keep working even when you think you have turned them off. Sometimes we have to uninstall them to allow our tools to work. In this instance, though, ComboFix seems to have run okay.

Avira has been uninstalled and replaced with AVG for some time, I'm not sure why that came up.


Some leftovers, no doubt. Most of the uninstall utilities for AVs are notorious for leaving bits behind.

This tool should help you remove it:

Download AppRemover and run it.

Click Next >>

Ensure Remove Security Application is selected and click Next >>

AppRemover will scan all the security applications on your PC

Select any <<Avira>> entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Also received a message when I turned Comodo Defense back on saying that C:\Combofix\sed.3xe wanted to access the Winamp COM interface; is this normal?


I don't use Comodo, but I believe it will be wanting to monitor Winamp, which I would allow.

Now

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.
When you return please post
  • JRT.txt
  • Results of ESET Scan
  • and tell me how your computer is now


#9
arclight

arclight

    Member

  • Member
  • 176 posts
Appremover didn't bring up any Avira software, only MBAM, AVG and Spybot.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by user on 21/10/2013 at 0:39:23.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\user\Application Data\mozilla\firefox\profiles\x36qtul5.default\minidumps [11 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/10/2013 at 0:55:51.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f0e33838b822f34da6d080108593970c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-01 08:21:31
# local_time=2010-08-01 09:21:31 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=256 16777215 100 0 90949676 90949676 0 0
# compatibility_mode=1024 16777215 100 0 30797258 30797258 0 0
# compatibility_mode=1797 16775125 100 94 225199 53323235 68606 0
# compatibility_mode=8192 67108863 100 0 189 189 0 0
# scanned=153970
# found=8
# cleaned=0
# scan_time=25373
C:\Documents and Settings\user\Desktop\testmh-repair.exe Win32/Adware.ErrorRepairPro application 00000000000000000000000000000000 I
C:\Documents and Settings\user\Desktop\testmh.exe Win32/Adware.ErrorRepairPro application 00000000000000000000000000000000 I
C:\Program Files\Common Files\Wise Installation Wizard\WIS21AE04E8EBF640DB9AA9B7A80C5D057D_2_4_5.MSI probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\Program Files\mkv2vob\loader.exe.old probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07292010_220100\C_WINDOWS\odahujojulo.dll a variant of Win32/Cimag.CK trojan 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07292010_220100\C_WINDOWS\SDOCoc.dll a variant of Win32/Kryptik.FRZ trojan 00000000000000000000000000000000 I
F:\(NEW)The Prodigy - Their Law The Singles 1990-2005(hifi-torrents)\errepair.exe Win32/Adware.ErrorRepairPro application 00000000000000000000000000000000 I
F:\(NEW)The Prodigy - Their Law The Singles 1990-2005(hifi-torrents)\Sony.ACID.Pro.v6.0c.Incl.Keygen-SSG\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f0e33838b822f34da6d080108593970c
# engine=13187
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-19 05:53:38
# local_time=2013-02-19 05:53:38 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1039 16777213 100 99 58209 48383602 0 0
# compatibility_mode=3074 16777213 100 100 60151 63562000 0 0
# scanned=186629
# found=0
# cleaned=0
# scan_time=19868
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f0e33838b822f34da6d080108593970c
# engine=15557
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-21 09:52:04
# local_time=2013-10-21 10:52:05 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1039 16777213 100 92 37676 69479509 0 0
# compatibility_mode=3074 16777213 100 100 21156058 84657907 0 0
# scanned=215407
# found=9
# cleaned=9
# scan_time=25747
sh=13DDFA1862B74BDBBC06FC8766B36B9B73B25760 ft=1 fh=891ef6f01345cc13 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\user\Desktop\safari\SetupImgBurn_2.5.7.0.exe"
sh=5B306F592F2CAFE39B33F4D0B5FE583F3702A1C8 ft=1 fh=e080777c6980e21c vn="Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\user\Desktop\safari\SoftonicDownloader_for_kmplayer.exe"
sh=E49A881FECEF5ADA2ABEC3AB3B164FA5533A4758 ft=1 fh=a126ecacfa0a2246 vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="H:\Avi2Dvdv064.exe"
sh=AE73257F8A0C7EBDA4BF17B64F45AE1DBEDC14E2 ft=1 fh=022750d2fc0ba2b5 vn="a variant of Win32/Bundled.Toolbar.Ask.D application (cleaned by deleting - quarantined)" ac=C fn="H:\cpu-z_1.63-setup-en.exe"
sh=05519486204AA1F7305D073923CC2B6C0C43D3A2 ft=1 fh=aa55ced82a0c6a58 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="H:\FFSetup300.exe"
sh=5CA96A0C243390C378DEE1A629684EA261E2CFC4 ft=1 fh=a717dcd23690f0a7 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="H:\SetupImgBurn_2.5.8.0.exe"
sh=B94DC7B2E118AC3C957B1BBB62418BB584DE0090 ft=1 fh=a3478a4569f1f8d8 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="H:\smplayer-0.8.5-mp2-ps-win32.exe"
sh=94A549CEE76A2C946DAE55CA4D10125B55AE9362 ft=1 fh=f0dcb25d044142bf vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="H:\VSODivXtoDVDFreewarev052b.exe"
sh=98010202BC7F3C7DBE7D8A6C6D1F63B92102B7DB ft=1 fh=9759d6e02bcd8cb9 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="H:\winamp562_full_emusic-7plus_all.exe"


The PC is running OK; however, the issue occurred with svchost.exe earlier on Sunday. It's a strange issue in that on some days everything will be fine and then it will appear. Last week it didn't occur until Friday after initially occurring on Saturday 13th, so 5 days went by without any issue.


Also with ESET, should I check the 'delete quarantined files' as well as the Uninstall option?

EDIT: Just booted up my PC and the same problem still occurs. svchost.exe is at 100% cpu usage and the other programs have trouble running.

Edited by arclight, 21 October 2013 - 12:46 PM.


#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,184 posts

Also with ESET, should I check the 'delete quarantined files' as well as the Uninstall option?


Yes. :thumbsup:

Appremover didn't bring up any Avira software, only MBAM, AVG and Spybot.


Let's see if this makes a difference.

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    [2011/10/09 22:35:00 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

    :Files
    c:\program files\Avira
    ipconfig /flushdns /c

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.


#11
arclight

arclight

    Member

  • Member
  • 176 posts
All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 10212013_220539

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,184 posts
Please download Security Check by screen317 from here .

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#13
arclight

arclight

    Member

  • Member
  • 176 posts
Results of screen317's Security Check version 0.99.74
x86
``````````````Antivirus/Firewall Check:``````````````
AVG 2013
COMODO Internet Security
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Secunia PSI (2.0.0.3003)
Rootkit Unhooker LE 3.8 SR 1
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox 18.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 17,184 posts
Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Step 2

Your Firefox is out of date.

After those actions come back and tell me if there is any difference in your machine.

Go to Firefox > Help > About Firefox and allow it to check and update your browser.

Step 3

Care: Do not download and use if your hard drive is SSD (Solid State Disk).



Download Auslogics Disk Defrag and save it to your Desktop.

Double click and follow the prompts to install it. Note: only install the defrag utility. Some versions come with Askbar toolbars... do not install those or any other foistware that might be promoted.

Once installed, run the defrag utility.

At the end the utility may tell you that it has found Junk Files and recommend that you run a scan to remove them. Disregard that suggestion; it is a promotion of a tool you don't need. All we are interested in here is the defrag process.

Note: Do not download Windows Registry Cleaner which is promoted at the same site.

#15
arclight

arclight

    Member

  • Member
  • 176 posts
I installed the newest version of Java, 7.45.

On the java.com site I used the tool to check for any older versions and it found two:

Java 6 update 22
Java 6 update 29

I clicked the option to uninstall the older versions but it didn't work. It said to manually uninstall both using add/remove programs.

I checked Add/Remove Programs and it didn't list any Java apart from the version I installed, 7.45.
It said version 6 update 7 was installed, but an error came up when I tried to uninstall it.

Revo uninstaller only detects version 7.45

I also went to

Firefox > Help > About Firefox and allowed it to check; it said it was up to date (version 24.0).

http://www.mozilla.o...firefox/update/ also confirmed I am up to date.


How do I confirm if my hard drive is an SSD (Solid State Disk)?

Thx

Edited by arclight, 21 October 2013 - 06:45 PM.

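A check for the leftover Java entries the last two posts are about, added here as an example and not taken from the thread or any of the tools it uses: it lists the Java entries that Add or Remove Programs reads from the Uninstall registry keys, lists the JavaSoft version keys a version checker looks at, and flags any entry whose install folder no longer exists. It assumes PowerShell 2.0 or later is installed (it is an optional download on XP SP3) and that the prompt is elevated.

```powershell
# Added example, not from the thread. Lists Java installations from the two
# places Windows normally records them, so stale leftovers (a registry entry
# with no matching folder on disk) stand out.
# Assumptions: PowerShell 2.0 or later, run from an elevated prompt.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # present on 64-bit hosts only
)

# 1. What Add or Remove Programs shows: Uninstall keys whose DisplayName is a Java product.
#    InstallLocation is often empty for Java's MSI installs, so Folder may be blank here.
$arpEntries = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $props = Get-ItemProperty $key.PSPath
        if ($props.DisplayName -match '^(Java|J2SE)') {
            New-Object PSObject -Property @{
                Name      = $props.DisplayName
                Version   = $props.DisplayVersion
                KeyName   = $key.PSChildName
                Folder    = $props.InstallLocation
                Uninstall = $props.UninstallString
            }
        }
    }
}

# 2. What a Java version checker sees: one JavaSoft subkey per installed runtime,
#    each carrying a JavaHome path. These keys can survive an incomplete uninstall.
$jreRoot = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
$jreEntries = @()
if (Test-Path $jreRoot) {
    $jreEntries = foreach ($key in Get-ChildItem $jreRoot) {
        $javaHome = (Get-ItemProperty $key.PSPath).JavaHome
        New-Object PSObject -Property @{
            Name    = 'JavaSoft key'
            Version = $key.PSChildName
            Folder  = $javaHome
        }
    }
}

Write-Host "`nAdd or Remove Programs entries:"
$arpEntries | Sort-Object Version | Format-Table Name, Version, KeyName, Folder -AutoSize

Write-Host "JavaSoft runtime keys:"
$jreEntries | Sort-Object Version | Format-Table Version, Folder -AutoSize

# 3. Flag entries that point at a folder which no longer exists: these are the
#    leftovers that make a checker report a runtime you cannot remove.
$stale = @($arpEntries) + @($jreEntries) |
    Where-Object { $_ -and $_.Folder -and -not (Test-Path $_.Folder) }
foreach ($entry in $stale) {
    Write-Warning ("Stale Java entry: {0} {1} -> {2}" -f $entry.Name, $entry.Version, $entry.Folder)
}
```

Stale JavaSoft keys and orphaned Uninstall keys are what is left to remove by hand once the installer refuses; the Uninstall column gives the command the entry would have run.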
