PC wireless connectivity post malware

=================================================
Extras Log:


OTL Extras logfile created on: 31/10/2012 12:15:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy


1023.48 Mb Total Physical Memory | 486.04 Mb Available Physical Memory | 47.49% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.18% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 84.97 Gb Free Space | 37.05% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS


Computer Name: MESH | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Extra Registry (SafeList) ==========




========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*


[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


========== System Restore Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2


========== Firewall Settings ==========


========== Authorized Applications List ==========




========== HKEY_LOCAL_MACHINE Uninstall List ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3
"{07FFDC2A-DDCB-4E5E-A3C4-D1B46CF1BF4F}" = Virtual Midi Controller Demo
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID Music Studio 5.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008
"{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{160F1966-21BA-4FF9-9856-714E0A45DFEF}_is1" = gdTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{1E61538A-D482-4252-BBB7-D892FD52FC50}" = Grabster AV 400
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{295C07FB-4CB7-4060-BDA8-01964D748955}" = WinPOD
"{2B8151AE-7D9A-4A1C-8C94-CBCC7A45BB23}" = AVG 2013
"{2C1A70C0-6E4B-4177-8CF7-0B941B268794}" = Serif 3DPlus 3.0
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39B1915D-3CBA-42F8-8A58-2AB5587BF863}" = Microsoft Office PowerPoint 2003 Template Creation Wizard
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3DFA5FC6-C241-4B42-87DF-8AEB0FE975C2}" = Nature Theme 1 Animal
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42151323-36EA-4578-B10C-540CDEE18423}_is1" = XtenDS 8
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F0B76FF-2033-47F2-922B-BF62C366B6C9}" = BlueTunes
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543A5E2A-FEE5-4DA5-AE2C-4668C8652A24}" = WiiMedia Savegame Manager
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620797B0-A022-4B57-A95E-DD7DD0341016}" = HideAnyWindow
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ED4F0D8-E36B-4B33-ACCB-713734897A43}" = Inspyder Finder Trial
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74E03281-FA64-11D3-B8D7-0080C8FCA09C}" = Enemy Engaged RAH66 Comanche Vs KA52 Hokum
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}" = ATI Catalyst Control Center
"{7A98F3A8-5702-4395-950B-5F7C2151CD9B}" = O-Generator Demo
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{839911F0-D9CB-400F-AE78-5D8264F38C42}" = OutRun2006 Coast 2 Coast
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E8AD7D-31B2-4C09-8D96-30D9128C7C40}" = Pacific Combat Pilot
"{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms Blast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B94BE6F-7CA3-4C40-A266-62667FF746CC}" = ATI Drivers
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A79A4843-DDCD-489B-AAEC-5A7FB4E905C9}" = Google Desktop TimeWarp Plugin
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B19C841C-D60A-462F-AB86-4FDD51A77FA3}" = NILE THEME
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE9B7A3D-BB08-427D-9B3E-508568EE90D9}" = gdShutdown
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1BC3E6F-B77B-46D9-A2D4-6849DFE139AF}" = VRC_Demo_v323_English
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1" = Quintessence - The Blighted Venom [Chapter 1 - 11]
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D55D7EE6-3013-47AC-BE71-51AA35A221AB}" = Quake Live Internet Explorer Plugin
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF3ABC1A-CA26-460C-944B-7C9E2C55CB73}" = Google Desktop Plugin - DigiWatch
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAC6915F-7AD3-4247-9CD5-204B2A0C3AC4}" = Pure Motion EditStudio 4
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1A36967-8AF5-4BDB-90BB-F6B2750839E1}" = SynthEdit
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7C6D087-D5D6-46F8-857D-BBD6D26289D3}" = Safester
"{F7D767EF-0AA7-4F0B-809D-1E021893811A}" = VirtualBox OSE
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Addon RT6x Wireless LAN Card
"{FAC5A618-C41C-485F-826C-3589BDA34CE7}" = BOINC
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"A9CD4C7D-6D93-4B56-A226-1D28DB060A87_is1" = Test Tone Generator 4.2
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMars" = Kids Cam Sticker Factory
"Akamai" = Akamai NetSession Interface Service
"Alien Arena 2010_is1" = Alien Arena 2010
"All ATI Software" = ATI - Software Uninstall Utility
"Alpha 3" = Alpha 3
"AnalogX SayIt" = AnalogX SayIt
"Anvi Smart Defender" = Anvi Smart Defender 1.6
"Apache Havoc" = Apache Havoc
"Apache Havoc Patch 1.1" = Apache Havoc Patch 1.1
"Artillery2 CM Edition" = Artillery2 CM Edition
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2013
"AviSynth" = AviSynth 2.5
"Battleships Forever_is1" = Battleships Forever v0.90d
"BRACX2_is1" = Bratz Activity Centre
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CCleaner" = CCleaner
"CE Launcher_is1" = 1.0
"Chain Reaction Demo" = Chain Reaction Demo (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"Collab" = Collab
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DJ Mix Pro" = DJ Mix Pro
"DLDIrc" = DLDIrc
"Doctor.scr" = Doctor ScreenSaver
"dreamDeals Plugin_is1" = dreamDeals Plugin 1.0
"Electric Sheep" = Electric Sheep 2.7b26
"eMule" = eMule
"Ewisoft Website Builder (include eCommerce Builder)_is1" = Ewisoft Website Builder (include eCommerce Builder)
"Expression Tone Generator" = Expression Tone Generator
"Eyewitness History of the World 2.0" = Eyewitness History of the World 2.0
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"FL Studio 8" = FL Studio 8
"FlightGear_is1" = FlightGear v1.0.0
"foldit" = foldit
"Frets on Fire" = Frets On Fire
"Frontier Compute Engine" = Frontier Compute Engine
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"HF_screensaver" = HF_screensaver
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iF/A-18" = iF/A-18 Carrier Strike Fighter
"igLoader" = igLoader
"IL Download Manager" = IL Download Manager
"Impulse" = Impulse
"InstallShield_{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InterActual Player" = InterActual Player
"Intermorphic Noatikl_is1" = Intermorphic Noatikl 1.5
"IrfanView" = IrfanView (remove only)
"KartRider" = ?????
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"LETHAL JUDGMENT 2 - Orbital Apocalypse_is1" = Version 1.0
"Lethal Judgment 3 End Game_is1" = Lethal Judgment 3 1.0
"MAGIX Music Maker 14 silver UK" = MAGIX Music Maker 14 silver 13.0.1.10 (UK)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Muddle Earth" = Muddle Earth Screen Saver
"MultiGen" = MultiGen
"Music Editing System" = Music Editing System
"Net Snippets" = Net Snippets
"NetBattle_is1" = NetBattle
"Nimbuzz" = Nimbuzz 1.5.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = oggcodecs 0.71.0946
"Onelog_Client_1.0" = MultiResource Client 2.8.0.11
"OpenAL" = OpenAL
"Orb" = Orb
"PoiZone" = PoiZone
"Pokémon Reader 2_is1" = Pokémon Reader 2 (Build 53)
"POL Map editor" = POL Map editor
"Polychromatic Funk Monkey_is1" = Polychromatic Funk Monkey 1.4
"PunkBusterSvc" = PunkBuster Services
"Puzzle Pirates" = Puzzle Pirates
"Reaktor Demo" = Reaktor Demo
"RealPlayer 6.0" = RealPlayer
"ReCycle Demo_is1" = ReCycle Demo 2.1.2
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"ST6UNST #1" = Bedfordshire Prime
"ST6UNST #2" = ER- 0 Drum Synth
"Starsiege TRIBES" = Starsiege TRIBES 1.8
"Steam App 11910" = Lumines Demo
"Steam App 13140" = America's Army 3
"Steam App 1502" = Darwinia Demo
"Steam App 18610" = Mayhem Intergalactic Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 18800" = Zero Gear Demo
"Steam App 20720" = Starscape Demo
"Steam App 21510" = Pyroblazer Demo
"Steam App 219" = Half-Life 2: Demo
"Steam App 22220" = Zeno Clash Demo
"Steam App 22620" = Alien Breed: Impact Demo
"Steam App 23480" = Ceville - Demo
"Steam App 26810" = Braid Demo
"Steam App 2730" = ThreadSpace: Hyperbol Demo
"Steam App 29110" = Retro/Grade IGF Demo
"Steam App 29140" = Between IGF Demo
"Steam App 29170" = Blueberry Garden Demo
"Steam App 29200" = Osmos Demo
"Steam App 32159" = Everyday Genius: SquareLogic Demo
"Steam App 3412" = Heavy Weapon Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 34930" = Razor2: Hidden Skies - Demo
"Steam App 35710" = Trine Demo
"Steam App 36920" = All Aspects of Warfare - Demo
"Steam App 37510" = Magnetis Demo
"Steam App 37810" = QuantZ Demo
"Steam App 3840" = Psychonauts Demo
"Steam App 38910" = Rhythm Zone - Demo
"Steam App 40430" = Tidalis Demo
"Steam App 40710" = Machinarium Demo
"Steam App 410" = Portal: First Slice
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41020" = Serious Sam HD: The First Encounter Demo
"Steam App 41220" = Eufloria - Demo
"Steam App 42510" = Dogfighter Demo
"Steam App 4330" = Star Trek: D·A·C - Demo
"Steam App 44205" = Galcon Fusion Demo
"Steam App 45430" = Fortix - Demo
"Steam App 46010" = Bob Came in Pieces Demo
"Steam App 4610" = Full Pipe Demo
"Steam App 46610" = Swarm Arena Demo
"Steam App 480" = Spacewar
"Steam App 57210" = Puzzle Dimension Demo
"Steam App 58220" = Jolly Rover Demo
"Steam App 58410" = Turba Demo
"Steam App 6110" = Eets Demo
"Steam App 70310" = VVVVVV Demo
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 70910" = Star Ruler - Demo
"Steam App 8900" = Freedom Force - Demo
"Steam App 8910" = Freedom Force vs. the 3rd Reich - Demo
"Steam App 92" = Codename Gordon
"Steam App 9950" = Blade Kitten Demo
"Synaesthete_is1" = Synaesthete (v1.0)
"SystemRequirementsLab" = System Requirements Lab
"Tremulous" = Tremulous 1.1.0
"Tribes 2" = Tribes 2
"Ultrafighters" = Ultrafighters
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Vimidi_is1" = Vimidi 1.0
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Warp Pipe" = Warp Pipe Beta
"WarZone Client v1.0.44" = WarZone Client v1.0.44
"WavePad" = WavePad Sound Editor
"WFCStatus" = WFCStatus 1.5.0.10
"Wii Video 9" = Wii Video 9 2.25
"WildSnake Pinball: Christmas Tree_is1" = WildSnake Pinball: Christmas Tree 1.34
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0


========== HKEY_CURRENT_USER Uninstall List ==========


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Pokemon - Den of Ages" = Pokemon - Den of Ages


========== Last 20 Event Log Errors ==========


[ Application Events ]
Error - 29/10/2012 08:24:23 | Computer Name = MESH | Source = PerfNet | ID = 2006
Description = Unable to read Server Queue performance data from the Server service.
No
Server Queue performance data will be returned in this sample. Error code returned
is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.


Error - 29/10/2012 13:09:28 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.


Error - 30/10/2012 04:47:16 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.


Error - 30/10/2012 04:49:54 | Computer Name = MESH | Source = BOINC | ID = 1
Description =


Error - 30/10/2012 15:16:50 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.


Error - 30/10/2012 15:22:21 | Computer Name = MESH | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x456713e8.


Error - 30/10/2012 15:22:29 | Computer Name = MESH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.


Error - 30/10/2012 15:25:08 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.


Error - 31/10/2012 05:43:12 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.


Error - 31/10/2012 06:18:14 | Computer Name = MESH | Source = Ci | ID = 4118
Description = A content scan could not be completed on c:\.


[ System Events ]
Error - 31/10/2012 05:45:15 | Computer Name = MESH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver AVGIDSShim MpFilter


Error - 31/10/2012 05:51:08 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060


Error - 31/10/2012 06:09:12 | Computer Name = MESH | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%31


Error - 31/10/2012 06:09:34 | Computer Name = MESH | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%31


Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7000
Description = The AntiMalware Host-based Intrusion Prevention System service failed
to start due to the following error: %%31


Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7000
Description = The AnviSmartDefender Web Guard service failed to start due to the
following error: %%31


Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%31


Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Anvi Smart Defender Realtime Guard Service service terminated
with the following error: %%2


Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060


Error - 31/10/2012 08:07:05 | Computer Name = MESH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver AVGIDSShim MpFilter




< End of report >


======================================


mbam log:


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org




Database version: v2012.10.31.03




Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: MESH [administrator]




31/10/2012 10:11:57
mbam-log-2012-10-31 (10-11-57).txt




Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 421519
Time elapsed: 1 hour(s), 35 minute(s), 42 second(s)




Memory Processes Detected: 0
(No malicious items detected)




Memory Modules Detected: 0
(No malicious items detected)




Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3EA4FD1-CADE-4AE5-84F7-086EEE888BE4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.




Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Quarantined and deleted successfully.




Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.




Folders Detected: 0
(No malicious items detected)




Files Detected: 8
C:\Documents and Settings\All Users\Application Data\386C33D85747E24000B1386B834FC480\386C33D85747E24000B1386B834FC480.exe (Trojan.LameShield.SIN) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\My Documents\Downloads\installer_gravity_bone.exe (PUP.BundleInstaller.PHP) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\My Documents\Downloads\SkipScreen-Setup.exe (PUP.Zugo) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mstsrate.dll (Trojan.Fakeroot) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\Local Settings\Temp\3575359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\kedxalekcyfy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\visitor\Local Settings\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.




(end)
 
Hi plumtast

I've removed my last post about running Combofix in Safe Mode.

We need to address something else first:

The following programs Must be removed:

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) 6 Update 35


Reboot the system when these have been removed.

Do NOT remove:
Java 7 Update 9

Also please remove:
Anvi Smart Defender
We all like getting something for free, but relying on Anvi Smart Defender for antivirus could be an expensive proposition. In testing, it proved almost wholly unable to clean up malware threats and also did a very poor job preventing malware attacks on a clean system. Worse, it repeatedly identified perfectly valid Windows files as malware. You've been warned; stay away.
It also contains an Anti Virus... so it needs to be removed to stop conflicts.


It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG 2013 or Microsoft Security Essentials.
Entirely up to you which you remove.
But if you do need a recommendation.... get rid of AVG and keep MSSE.

When all this is done.... try running Combofix again.
 

=====================================

Ok, many thanks for that. Combofix log:

ComboFix 12-10-31.03 - 31/10/2012 21:02:29.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.753 [GMT 0:00]
Running from: c:\documents and settings\\Desktop\ComboFi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\n\My Documents\~WRL1282.tmp
c:\documents and settings\n\My Documents\~WRL1422.tmp
c:\documents and settings\\My Documents\~WRL1425.tmp
c:\documents and settings\\My Documents\~WRL1477.tmp
c:\documents and settings\\My Documents\~WRL1743.tmp
c:\documents and settings\\My Documents\~WRL1894.tmp
c:\documents and settings\\My Documents\~WRL1962.tmp
c:\documents and settings\\My Documents\~WRL2216.tmp
c:\documents and settings\\My Documents\~WRL2388.tmp
c:\documents and settings\\My Documents\~WRL2511.tmp
c:\documents and settings\\My Documents\~WRL2614.tmp
c:\documents and settings\\My Documents\~WRL2733.tmp
c:\documents and settings\\My Documents\~WRL2833.tmp
c:\documents and settings\\My Documents\~WRL3051.tmp
c:\documents and settings\\My Documents\~WRL3286.tmp
c:\documents and settings\\My Documents\~WRL3645.tmp
c:\documents and settings\\My Documents\~WRL3979.tmp
c:\documents and settings\\WINDOWS
c:\documents and settings\\WINDOWS
c:\documents and settings\\WINDOWS
C:\install.exe
c:\program files\JournalViewer1.5_KB886179_ENU.exe
c:\program files\Windows-KB890830-V1.17.exe
c:\program files\WindowsXP-KB884020-x86-enu.exe
c:\program files\WindowsXP-KB908531-v2-x86-ENU.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
C:\VDM1AC.tmp
C:\VDM1AD.tmp
C:\VDM1B0.tmp
C:\VDM1B1.tmp
C:\VDM1B4.tmp
C:\VDM1B5.tmp
c:\windows\apppatch\AppLoc.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\@
c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\n
c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\00000001.@
c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\80000000.@
c:\windows\Installer\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\800000cb.@
c:\windows\pthreadGC2.dll
c:\windows\system32\drivers\8b780ee2e5d8e336.sys
c:\windows\system32\html
c:\windows\system32\html\blank.htm
c:\windows\system32\html\bot.htm
c:\windows\system32\html\innerframeset.htm
c:\windows\system32\html\left.htm
c:\windows\system32\html\main.htm
c:\windows\system32\html\middle.htm
c:\windows\system32\html\rightframeset.htm
c:\windows\system32\html\top.htm
c:\windows\system32\html\website.htm
c:\windows\system32\images
c:\windows\system32\images\3models.gif
c:\windows\system32\images\but3_off.gif
c:\windows\system32\images\but3_on.gif
c:\windows\system32\images\main_bot.gif
c:\windows\system32\images\main_mid.gif
c:\windows\system32\images\main_top.gif
c:\windows\system32\images\model1.gif
c:\windows\system32\images\panel_bot.gif
c:\windows\system32\images\panel_top.gif
c:\windows\system32\images\pc.gif
c:\windows\system32\images\pcw_award_cover.gif
c:\windows\system32\images\pcwcover.gif
c:\windows\system32\images\Thumbs.db
c:\windows\system32\images\topoff.gif
c:\windows\system32\images\topon.gif
c:\windows\system32\images\webscreen.gif
c:\windows\system32\logs
c:\windows\system32\logs\PBIMC
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1DB.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
c:\windows\unin0411.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_8b780ee2e5d8e336
-------\Service_8b780ee2e5d8e336
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-31 20:16 . 2012-10-31 20:16 -------- d-----w- c:\documents and settings\visitor\Year Of The Dragon - Busta Rhymes
2012-10-31 20:14 . 2012-10-31 20:14 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Zipeg
2012-10-30 21:11 . 2012-10-30 21:16 678 ----a-w- c:\windows\DeleteOnReboot.bat
2012-10-30 11:15 . 2012-10-30 11:15 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Unity
2012-10-28 16:18 . 2009-08-14 10:20 757852 ----a-w- c:\windows\system32\Scutum.dll
2012-10-28 16:18 . 2009-07-21 10:50 180224 ----a-w- c:\windows\system32\W32N55.dll
2012-10-28 16:18 . 2009-05-11 11:45 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2012-10-28 16:18 . 2008-12-30 16:55 143459 ----a-w- c:\windows\system32\RalinkGina.dll
2012-10-28 16:18 . 2008-09-10 15:55 200704 ----a-w- c:\windows\system32\ssleay32.dll
2012-10-28 16:18 . 2008-09-10 15:55 1085440 ----a-w- c:\windows\system32\libeay32.dll
2012-10-28 16:18 . 2009-06-12 17:21 500096 ----a-w- c:\windows\system32\drivers\rt61.sys
2012-10-28 16:18 . 2012-10-28 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Addon Driver
2012-10-28 16:18 . 2012-10-28 16:18 -------- d-----w- c:\program files\Addon
2012-10-28 11:17 . 2012-10-28 11:17 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Sun
2012-10-26 17:54 . 2012-10-26 17:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-22 20:10 . 2012-10-23 07:09 -------- d-----w- c:\program files\HideAnyWindow
2012-10-18 18:20 . 2012-10-18 18:20 -------- d-----w- c:\documents and settings\\Application Data\AVG2013
2012-10-18 18:16 . 2012-10-18 18:16 -------- d-----w- c:\documents and settings\\Application Data\TuneUp Software
2012-10-18 18:15 . 2012-10-18 18:15 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-18 18:15 . 2012-10-30 21:11 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-10-18 18:13 . 2012-10-18 18:13 -------- d-----w- C:\$AVG
2012-10-18 18:13 . 2012-10-18 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2012-10-18 18:12 . 2012-10-18 18:12 -------- d-----w- c:\program files\AVG
2012-10-18 18:07 . 2012-10-31 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-10-18 18:07 . 2012-10-18 18:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-10-18 18:07 . 2012-10-18 18:07 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\MFAData
2012-10-18 18:07 . 2012-10-18 18:07 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Avg2013
2012-10-18 17:28 . 2012-10-18 17:28 -------- d-----w- c:\documents and settings\\Application Data\Malwarebytes
2012-10-18 17:27 . 2012-10-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-18 17:27 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-18 17:27 . 2012-10-18 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-18 17:02 . 2012-10-18 17:02 -------- d-----w- c:\documents and settings\\Application Data\Anvisoft
2012-10-18 17:01 . 2012-08-20 09:23 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-10-18 17:01 . 2012-08-20 09:23 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2012-10-18 17:01 . 2012-10-18 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Anvisoft
2012-10-18 17:01 . 2012-08-20 09:23 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-10-18 17:01 . 2012-10-18 17:01 -------- d-----w- c:\program files\Anvisoft
2012-10-17 20:50 . 2012-10-17 20:50 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\PCHealth
2012-10-17 20:11 . 2012-10-17 20:11 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Mozilla
2012-10-17 19:55 . 2012-10-17 19:55 -------- d-----w- c:\program files\Zone Labs
2012-10-17 19:17 . 2012-10-17 21:04 -------- d-----w- c:\documents and settings\dfgs
2012-10-17 18:04 . 2012-10-17 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\386C33D85747E24000B1386B834FC480
2012-10-13 19:42 . 2012-10-13 20:00 -------- d-----w- c:\documents and settings\visitor\safester_temp
2012-10-13 19:38 . 2012-10-13 19:38 -------- d-----w- c:\documents and settings\visitor\.awake
2012-10-13 19:34 . 2012-10-13 19:38 -------- d-----w- c:\documents and settings\visitor\safester_log
2012-10-05 02:26 . 2012-10-05 02:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 17:53 . 2012-05-24 15:46 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-26 17:53 . 2012-05-24 15:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-26 17:53 . 2010-10-17 15:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 18:19 . 2012-07-02 18:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 18:19 . 2012-07-02 18:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 02:45 . 2012-09-21 02:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 02:11 . 2012-09-13 02:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2006-06-18 16:24 . 2006-06-18 16:24 163712 ----a-w- c:\program files\pfbackup.exe
2006-06-18 16:23 . 2006-06-18 16:23 6571008 ----a-w- c:\program files\Nile_Theme_EN.msi
2006-06-18 16:22 . 2006-06-18 16:22 1638400 ----a-w- c:\program files\Nature Theme 1 - Animal_EN.msi
2006-06-18 16:18 . 2006-06-18 16:18 5566656 ----a-w- c:\program files\vviewer.exe
2006-06-18 16:13 . 2006-06-18 16:13 2931992 ----a-w- c:\program files\LEO_Setup.EXE
2006-06-18 16:11 . 2006-06-18 16:11 1389120 ----a-w- c:\program files\ppttmpl3.exe
2006-06-18 16:10 . 2006-06-18 16:10 480816 ----a-w- c:\program files\Sounds.EXE
2006-06-18 16:09 . 2006-06-18 16:09 330024 ----a-w- c:\program files\ppttpwiz.exe
2006-06-18 16:01 . 2006-06-18 16:01 7914851 ----a-w- c:\program files\Christmas Pinball.exe
2006-06-17 17:56 . 2006-06-17 17:56 2053688 ----a-w- c:\program files\GoogleDesktopSetup.exe
2006-06-15 16:29 . 2006-06-15 16:29 24070456 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2006-06-15 15:37 . 2006-06-15 15:37 17357552 ----a-w- c:\program files\Lego Designer.exe
2006-06-15 15:29 . 2006-06-15 15:29 37311488 ----a-w- c:\program files\iTunesSetup.exe
2012-10-25 18:12 . 2012-10-25 18:12 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"Akamai NetSession Interface"="c:\documents and settings\\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2005-01-14 110744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="c:\program files\CyberLink\PowerBackup\PBKScheduler.exe" [2004-06-08 69721]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-10 185896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-06-10 58112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-08-23 1229104]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-8-13 155648]
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-24 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Addon Wireless Utility.lnk - c:\program files\Addon\Common\RaUI.exe [2012-10-28 1556480]
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
"midi4"=vmcmidiport.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-20 00:32 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nimbuzz]
2011-03-01 21:43 7970816 ----a-w- c:\program files\Nimbuzz\Nimbuzz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-12-20 16:12 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 16:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 12:01 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1265:TCP"= 1265:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASDRM
*NewlyCreated* - AVGIDSHX
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGLOGX
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGRKX86
*NewlyCreated* - AVGTDIX
*NewlyCreated* - AVGTP
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 18:19]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 17:13]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-17 17:13]
.
2012-10-31 c:\windows\Tasks\User_Feed_Synchronization-{6B9DDA16-430C-4C97-BD40-7A58000A54AD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
2012-10-31 c:\windows\Tasks\User_Feed_Synchronization-{D665C24D-DAD0-4076-8D6C-97D8FCC394E5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
2010-10-03 c:\windows\Tasks\{A8A3D621-80EA-4CA3-B111-70DC422BCB12}_MESH_.job
- c:\windows\system32\mobsync.exe [2005-09-09 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7130DF06-BBC1-4e16-83D4-1F875E65B695} - {F9C00EF7-B192-4609-B2B8-D705ACE341FF} - c:\progra~1\NETSNI~1\NetSnip.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-09-23 17:03; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Power2GoExpress - (no file)
HKCU-Run-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
SafeBoot-MsMpSvc
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
AddRemove-SystemRequirementsLab - c:\program files\SystemRequirementsLab\Uninstall.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-31 21:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1444)
c:\windows\system32\myokent.dll
c:\windows\system32\vmcmidiport.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1508)
c:\windows\system32\myokent.dll
c:\windows\system32\vmcmidiport.dll
.
- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\WININET.dll
c:\windows\system32\myokent.dll
c:\windows\system32\vmcmidiport.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Parabon\Frontier Compute Engine\bin\frontierMon.exe
c:\program files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe
c:\program files\Parabon\Frontier Compute Engine\bin\frontier.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Addon\Common\RaRegistry.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\BOINC\boinc.exe
c:\documents and settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_dsfl_vina_6.25_windows_intelx86
c:\documents and settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_sn2s_vina_6.20_windows_intelx86
c:\documents and settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_dsfl_vina_prod_x86.exe.6.25
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\documents and settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_sn2s_vina_prod_x86.exe.6.20
.
**************************************************************************
.
Completion time: 2012-10-31 22:00:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-31 21:59
.
Pre-Run: 91,074,031,616 bytes free
Post-Run: 99,897,307,136 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 11942751D064EA5AF2EFB5E8236BE6D8
 
Hi plumtast

Thanks for that.
Now that those items have been removed and Combofix has been run....
Let's get a fresh OTL report and deal with what is left:

Double click on OTL to run it.
  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

Thanks
 
Sorry, not been well hence delay in reply. Two posts to follow - 1 with each log.

Many thanks!

OTL

OTL logfile created on: 08/11/2012 20:01:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 455.36 Mb Available Physical Memory | 44.49% Memory free
2.40 Gb Paging File | 1.44 Gb Available in Paging File | 59.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 89.53 Gb Free Space | 39.04% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MESH | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontier.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)
PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_dsfl_vina_prod_x86.exe.6.25 ()
PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_dsfl_vina_6.25_windows_intelx86 ()
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 (The Scripps Research Institute and IBM Corporation)
PRC - C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.)
PRC - C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_dsfl_vina_prod_x86.exe.6.25 ()
MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_dsfl_vina_6.25_windows_intelx86 ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1de8e1c\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_353abf6a\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe8bae91\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6c105c62\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_157634b6\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\DiagFunc.dll ()
MOD - C:\Program Files\BOINC\cudart.dll ()
MOD - C:\Program Files\BOINC\zlib1.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll ()
MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll ()
MOD - C:\WINDOWS\system32\vmcmidiport.dll ()
MOD - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll ()


========== Services (SafeList) ==========

SRV - (rpcapd) -- %ProgramFiles%\WinPcap\rpcapd.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b5e8a4c.dll ()
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Frontier Compute Engine) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.)
SRV - (asdsrv) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Frontier Update Service) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.)
SRV - (RalinkRegistryWriter) -- C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (CFcatchme) -- C:\DOCUME~1\\LOCALS~1\Temp\CFcatchme.sys File not found
DRV - (catchme) -- C:\ComboFi\catchme.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (asdrs) -- C:\WINDOWS\system32\drivers\asdrs.sys (Anvisoft)
DRV - (asdrm) -- C:\WINDOWS\system32\drivers\asdrm.sys (Anvisoft)
DRV - (asdws) -- C:\WINDOWS\system32\drivers\asdws.sys ()
DRV - (VBoxDrv) -- C:\Program Files\Sun\VirtualBox OSE\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (BLKWGU(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (m5287) -- C:\WINDOWS\system32\drivers\m5287.sys (ULi Electronics Inc.)
DRV - (m5289) -- C:\WINDOWS\system32\drivers\m5289.sys (ULi Electronics Inc.)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iComp) -- C:\WINDOWS\system32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-2sDKcDEApIF3bXpdzZjJfrBHrc?q={searchTerms}
IE - HKCU\..\SearchScopes\{C2353BDA-19DB-4F7E-936F-2EAA9D89C0AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=10: C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/01 16:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/17 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Extensions
[2012/10/30 08:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\extensions
[2012/11/01 16:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/01 16:11:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/01 16:12:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/07 07:29:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/25 18:12:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/10/31 21:37:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (Net Snippets) - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk = C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156003235671 (MUWebControl Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://cloverleafgames.com/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnuk.oberon-media.com/online2/MSN_INTL_UK/insaniquarium_non_zylom/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AF84D6-C5B5-4117-B363-6E563C03BE00}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5472BD3-8BB9-4176-9B87-A8C28AB2C5CC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/25 09:00:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/08 18:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/11/05 10:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempFDFE5C73-D615-8C64-76E1-211BA9DCFA2C-Signatures
[2012/11/04 09:27:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp50C8A26A-3FEA-478A-F4F9-D800502FC839-Signatures
[2012/11/04 09:18:45 | 000,000,000 | ---D | C] -- C:\a5dbb2febf5f6f4c8dba390a9f3a
[2012/11/01 21:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempDE7E0D27-FB35-C35B-7EA0-A145C4FA2B21-Signatures
[2012/11/01 18:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/11/01 18:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/01 18:14:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/11/01 16:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/01 12:58:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/31 21:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/10/31 20:35:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/31 20:33:50 | 000,000,000 | ---D | C] -- C:\ComboFi
[2012/10/31 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Zipeg
[2012/10/31 12:13:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2012/10/31 09:56:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\\Start Menu\Programs\Administrative Tools
[2012/10/31 09:54:53 | 004,991,994 | R--- | C] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe
[2012/10/31 09:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/31 09:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/31 09:51:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/31 09:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/30 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Unity
[2012/10/29 21:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\RK_Quarantine
[2012/10/28 16:18:56 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/10/28 16:18:56 | 000,757,852 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2012/10/28 16:18:56 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/10/28 16:18:56 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2012/10/28 16:18:56 | 000,143,459 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2012/10/28 16:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Addon Wireless
[2012/10/28 16:18:38 | 000,500,096 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt61.sys
[2012/10/28 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Addon Driver
[2012/10/28 16:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Addon
[2012/10/28 11:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Sun
[2012/10/26 17:54:42 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/26 17:54:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/22 20:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HideAnyWindow
[2012/10/22 20:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\HideAnyWindow
[2012/10/18 18:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\AVG2013
[2012/10/18 18:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\TuneUp Software
[2012/10/18 18:15:37 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/18 18:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/10/18 18:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/10/18 18:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/18 18:07:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\MFAData
[2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/18 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Avg2013
[2012/10/18 17:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Malwarebytes
[2012/10/18 17:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/18 17:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/18 17:27:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/18 17:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/18 17:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Anvisoft
[2012/10/18 17:01:15 | 000,022,864 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrs.sys
[2012/10/18 17:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft
[2012/10/18 17:01:14 | 000,016,208 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrm.sys
[2012/10/18 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvisoft
[2012/10/18 17:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/10/17 21:17:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/17 21:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/17 20:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\PCHealth
[2012/10/17 20:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Mozilla
[2012/10/17 19:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2012/10/17 18:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\386C33D85747E24000B1386B834FC480
[2006/06/18 16:24:55 | 000,163,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\pfbackup.exe
[2006/06/18 16:18:39 | 005,566,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vviewer.exe
[2006/06/18 16:13:17 | 002,931,992 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LEO_Setup.EXE
[2006/06/18 16:11:13 | 001,389,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttmpl3.exe
[2006/06/18 16:10:43 | 000,480,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Sounds.EXE
[2006/06/18 16:09:50 | 000,330,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttpwiz.exe
[2006/06/17 17:56:41 | 002,053,688 | ---- | C] (Google) -- C:\Program Files\GoogleDesktopSetup.exe
[2006/06/15 16:29:11 | 024,070,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2006/06/15 15:37:21 | 017,357,552 | ---- | C] (The LEGO Group) -- C:\Program Files\Lego Designer.exe
[2006/06/15 15:29:04 | 037,311,488 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/08 20:11:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D665C24D-DAD0-4076-8D6C-97D8FCC394E5}.job
[2012/11/08 19:33:40 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/08 19:28:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/08 19:19:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/08 18:28:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/08 17:37:43 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/08 17:35:40 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6B9DDA16-430C-4C97-BD40-7A58000A54AD}.job
[2012/11/08 17:29:45 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/08 17:27:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/05 13:30:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/11/02 10:34:10 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/01 21:52:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/01 14:26:31 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/10/31 21:41:24 | 000,427,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/31 21:41:22 | 000,069,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/31 21:37:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/31 20:32:55 | 004,991,994 | R--- | M] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe
[2012/10/31 12:13:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2012/10/31 10:09:04 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk
[2012/10/30 21:16:09 | 000,000,678 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
[2012/10/30 21:13:30 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk
[2012/10/28 16:18:53 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk
[2012/10/26 17:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/26 17:53:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/26 17:53:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/26 17:53:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/26 17:53:58 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/20 17:27:27 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012/10/18 18:15:14 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/10/18 17:01:15 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk
[2012/10/17 20:03:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/10/17 19:36:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/05 15:44:24 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/05 15:44:13 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/10/31 20:35:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/10/31 10:09:04 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk
[2012/10/31 09:51:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/31 09:51:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/31 09:51:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/31 09:51:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/31 09:51:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/30 21:13:30 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk
[2012/10/30 21:11:19 | 000,000,678 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
[2012/10/28 16:18:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/10/28 16:18:56 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/10/28 16:18:56 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/10/28 16:18:53 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk
[2012/10/20 17:27:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012/10/20 17:27:27 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012/10/18 18:16:14 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/10/18 17:01:15 | 000,014,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\asdws.sys
[2012/10/18 17:01:15 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk
[2012/09/12 09:58:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/26 11:28:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/15 08:38:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/30 17:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2006/09/12 17:39:15 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\\Application Data\wklnhst.dat
[2006/08/19 15:54:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\\Application Data\dm.ini
[2006/08/13 13:08:20 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 16:42:53 | 000,299,078 | ---- | C] () -- C:\Program Files\10131610.cab
[2006/06/18 16:23:42 | 006,571,008 | ---- | C] () -- C:\Program Files\Nile_Theme_EN.msi
[2006/06/18 16:22:33 | 001,638,400 | ---- | C] () -- C:\Program Files\Nature Theme 1 - Animal_EN.msi
[2006/06/18 16:19:32 | 003,830,526 | ---- | C] () -- C:\Program Files\WM Components 2.0.2.dmg
[2006/06/18 15:56:03 | 000,863,616 | ---- | C] () -- C:\Program Files\Epic Pinball.zip
[2006/06/17 16:21:23 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/15 16:12:17 | 001,062,523 | ---- | C] () -- C:\Program Files\Peps Football Pinball Game.zip
[2006/05/27 10:53:46 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/05/19 18:59:33 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2012/10/17 19:40:46 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\@
[2010/12/09 15:15:09 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\n
[2010/12/09 15:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L
[2012/10/30 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U
[2012/10/24 16:41:23 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\00000001.@
[2012/10/30 19:17:40 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\80000000.@
[2012/10/21 09:35:06 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U\800000cb.@
[2005/11/25 09:10:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc


< End of report >

Extras:

OTL Extras logfile created on: 08/11/2012 20:01:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 455.36 Mb Available Physical Memory | 44.49% Memory free
2.40 Gb Paging File | 1.44 Gb Available in Paging File | 59.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 89.53 Gb Free Space | 39.04% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MESH | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1119:TCP" = 1119:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3
"{07FFDC2A-DDCB-4E5E-A3C4-D1B46CF1BF4F}" = Virtual Midi Controller Demo
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID Music Studio 5.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008
"{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{160F1966-21BA-4FF9-9856-714E0A45DFEF}_is1" = gdTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{1E61538A-D482-4252-BBB7-D892FD52FC50}" = Grabster AV 400
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{295C07FB-4CB7-4060-BDA8-01964D748955}" = WinPOD
"{2C1A70C0-6E4B-4177-8CF7-0B941B268794}" = Serif 3DPlus 3.0
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39B1915D-3CBA-42F8-8A58-2AB5587BF863}" = Microsoft Office PowerPoint 2003 Template Creation Wizard
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3DFA5FC6-C241-4B42-87DF-8AEB0FE975C2}" = Nature Theme 1 Animal
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42151323-36EA-4578-B10C-540CDEE18423}_is1" = XtenDS 8
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F0B76FF-2033-47F2-922B-BF62C366B6C9}" = BlueTunes
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543A5E2A-FEE5-4DA5-AE2C-4668C8652A24}" = WiiMedia Savegame Manager
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620797B0-A022-4B57-A95E-DD7DD0341016}" = HideAnyWindow
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ED4F0D8-E36B-4B33-ACCB-713734897A43}" = Inspyder Finder Trial
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74E03281-FA64-11D3-B8D7-0080C8FCA09C}" = Enemy Engaged RAH66 Comanche Vs KA52 Hokum
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}" = ATI Catalyst Control Center
"{7A98F3A8-5702-4395-950B-5F7C2151CD9B}" = O-Generator Demo
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{839911F0-D9CB-400F-AE78-5D8264F38C42}" = OutRun2006 Coast 2 Coast
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E8AD7D-31B2-4C09-8D96-30D9128C7C40}" = Pacific Combat Pilot
"{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms Blast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B94BE6F-7CA3-4C40-A266-62667FF746CC}" = ATI Drivers
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A79A4843-DDCD-489B-AAEC-5A7FB4E905C9}" = Google Desktop TimeWarp Plugin
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B19C841C-D60A-462F-AB86-4FDD51A77FA3}" = NILE THEME
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE9B7A3D-BB08-427D-9B3E-508568EE90D9}" = gdShutdown
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1349E0C-6047-43F2-AFBF-16988F125E5B}" = AVG 2013
"{C1BC3E6F-B77B-46D9-A2D4-6849DFE139AF}" = VRC_Demo_v323_English
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1" = Quintessence - The Blighted Venom [Chapter 1 - 11]
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D55D7EE6-3013-47AC-BE71-51AA35A221AB}" = Quake Live Internet Explorer Plugin
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF3ABC1A-CA26-460C-944B-7C9E2C55CB73}" = Google Desktop Plugin - DigiWatch
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAC6915F-7AD3-4247-9CD5-204B2A0C3AC4}" = Pure Motion EditStudio 4
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1A36967-8AF5-4BDB-90BB-F6B2750839E1}" = SynthEdit
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7C6D087-D5D6-46F8-857D-BBD6D26289D3}" = Safester
"{F7D767EF-0AA7-4F0B-809D-1E021893811A}" = VirtualBox OSE
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Addon RT6x Wireless LAN Card
"{FAC5A618-C41C-485F-826C-3589BDA34CE7}" = BOINC
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"A9CD4C7D-6D93-4B56-A226-1D28DB060A87_is1" = Test Tone Generator 4.2
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMars" = Kids Cam Sticker Factory
"Akamai" = Akamai NetSession Interface Service
"Alien Arena 2010_is1" = Alien Arena 2010
"All ATI Software" = ATI - Software Uninstall Utility
"Alpha 3" = Alpha 3
"AnalogX SayIt" = AnalogX SayIt
"Anvi Smart Defender" = Anvi Smart Defender 1.6
"Apache Havoc" = Apache Havoc
"Apache Havoc Patch 1.1" = Apache Havoc Patch 1.1
"Artillery2 CM Edition" = Artillery2 CM Edition
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2013
"AviSynth" = AviSynth 2.5
"Battleships Forever_is1" = Battleships Forever v0.90d
"BRACX2_is1" = Bratz Activity Centre
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CCleaner" = CCleaner
"CE Launcher_is1" = 1.0
"Chain Reaction Demo" = Chain Reaction Demo (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"Collab" = Collab
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DJ Mix Pro" = DJ Mix Pro
"DLDIrc" = DLDIrc
"Doctor.scr" = Doctor ScreenSaver
"dreamDeals Plugin_is1" = dreamDeals Plugin 1.0
"Electric Sheep" = Electric Sheep 2.7b26
"eMule" = eMule
"Ewisoft Website Builder (include eCommerce Builder)_is1" = Ewisoft Website Builder (include eCommerce Builder)
"Expression Tone Generator" = Expression Tone Generator
"Eyewitness History of the World 2.0" = Eyewitness History of the World 2.0
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"FL Studio 8" = FL Studio 8
"FlightGear_is1" = FlightGear v1.0.0
"foldit" = foldit
"Frets on Fire" = Frets On Fire
"Frontier Compute Engine" = Frontier Compute Engine
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"HF_screensaver" = HF_screensaver
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iF/A-18" = iF/A-18 Carrier Strike Fighter
"igLoader" = igLoader
"IL Download Manager" = IL Download Manager
"Impulse" = Impulse
"InstallShield_{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InterActual Player" = InterActual Player
"Intermorphic Noatikl_is1" = Intermorphic Noatikl 1.5
"IrfanView" = IrfanView (remove only)
"KartRider" = ?????
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"LETHAL JUDGMENT 2 - Orbital Apocalypse_is1" = Version 1.0
"Lethal Judgment 3 End Game_is1" = Lethal Judgment 3 1.0
"MAGIX Music Maker 14 silver UK" = MAGIX Music Maker 14 silver 13.0.1.10 (UK)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Muddle Earth" = Muddle Earth Screen Saver
"MultiGen" = MultiGen
"Music Editing System" = Music Editing System
"Net Snippets" = Net Snippets
"NetBattle_is1" = NetBattle
"Nimbuzz" = Nimbuzz 1.5.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = oggcodecs 0.71.0946
"Onelog_Client_1.0" = MultiResource Client 2.8.0.11
"OpenAL" = OpenAL
"Orb" = Orb
"PoiZone" = PoiZone
"Pokémon Reader 2_is1" = Pokémon Reader 2 (Build 53)
"POL Map editor" = POL Map editor
"Polychromatic Funk Monkey_is1" = Polychromatic Funk Monkey 1.4
"PunkBusterSvc" = PunkBuster Services
"Puzzle Pirates" = Puzzle Pirates
"Reaktor Demo" = Reaktor Demo
"RealPlayer 6.0" = RealPlayer
"ReCycle Demo_is1" = ReCycle Demo 2.1.2
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"ST6UNST #1" = Bedfordshire Prime
"ST6UNST #2" = ER- 0 Drum Synth
"Starsiege TRIBES" = Starsiege TRIBES 1.8
"Steam App 11910" = Lumines Demo
"Steam App 13140" = America's Army 3
"Steam App 1502" = Darwinia Demo
"Steam App 18610" = Mayhem Intergalactic Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 18800" = Zero Gear Demo
"Steam App 20720" = Starscape Demo
"Steam App 21510" = Pyroblazer Demo
"Steam App 219" = Half-Life 2: Demo
"Steam App 22220" = Zeno Clash Demo
"Steam App 22620" = Alien Breed: Impact Demo
"Steam App 23480" = Ceville - Demo
"Steam App 26810" = Braid Demo
"Steam App 2730" = ThreadSpace: Hyperbol Demo
"Steam App 29110" = Retro/Grade IGF Demo
"Steam App 29140" = Between IGF Demo
"Steam App 29170" = Blueberry Garden Demo
"Steam App 29200" = Osmos Demo
"Steam App 32159" = Everyday Genius: SquareLogic Demo
"Steam App 3412" = Heavy Weapon Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 34930" = Razor2: Hidden Skies - Demo
"Steam App 35710" = Trine Demo
"Steam App 36920" = All Aspects of Warfare - Demo
"Steam App 37510" = Magnetis Demo
"Steam App 37810" = QuantZ Demo
"Steam App 3840" = Psychonauts Demo
"Steam App 38910" = Rhythm Zone - Demo
"Steam App 40430" = Tidalis Demo
"Steam App 40710" = Machinarium Demo
"Steam App 410" = Portal: First Slice
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41020" = Serious Sam HD: The First Encounter Demo
"Steam App 41220" = Eufloria - Demo
"Steam App 42510" = Dogfighter Demo
"Steam App 4330" = Star Trek: D·A·C - Demo
"Steam App 44205" = Galcon Fusion Demo
"Steam App 45430" = Fortix - Demo
"Steam App 46010" = Bob Came in Pieces Demo
"Steam App 4610" = Full Pipe Demo
"Steam App 46610" = Swarm Arena Demo
"Steam App 480" = Spacewar
"Steam App 57210" = Puzzle Dimension Demo
"Steam App 58220" = Jolly Rover Demo
"Steam App 58410" = Turba Demo
"Steam App 6110" = Eets Demo
"Steam App 70310" = VVVVVV Demo
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 70910" = Star Ruler - Demo
"Steam App 8900" = Freedom Force - Demo
"Steam App 8910" = Freedom Force vs. the 3rd Reich - Demo
"Steam App 92" = Codename Gordon
"Steam App 9950" = Blade Kitten Demo
"Synaesthete_is1" = Synaesthete (v1.0)
"SystemRequirementsLab" = System Requirements Lab
"Tremulous" = Tremulous 1.1.0
"Tribes 2" = Tribes 2
"Ultrafighters" = Ultrafighters
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Vimidi_is1" = Vimidi 1.0
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Warp Pipe" = Warp Pipe Beta
"WarZone Client v1.0.44" = WarZone Client v1.0.44
"WavePad" = WavePad Sound Editor
"WFCStatus" = WFCStatus 1.5.0.10
"Wii Video 9" = Wii Video 9 2.25
"WildSnake Pinball: Christmas Tree_is1" = WildSnake Pinball: Christmas Tree 1.34
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Pokemon - Den of Ages" = Pokemon - Den of Ages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/11/2012 11:37:47 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 05/11/2012 14:32:16 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 05/11/2012 16:57:21 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 05/11/2012 16:58:53 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 05/11/2012 17:29:33 | Computer Name = MESH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/11/2012 16:26:26 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 07/11/2012 12:02:52 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 07/11/2012 14:57:38 | Computer Name = MESH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 08/11/2012 13:30:48 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 08/11/2012 14:04:58 | Computer Name = MESH | Source = MsiInstaller | ID = 11406
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
1406. SA_Error1406: StandardAction(0xC007057E): Could not write value AVG_UI to
key \SOFTWARE\Microsoft\Windows\CurrentVersion\Run. System error . Verify that
you have sufficient access to that key, or contact your support personnel.

[ System Events ]
Error - 05/11/2012 16:58:25 | Computer Name = MESH | Source = Service Control Manager | ID = 7000
Description = The Frontier Compute Engine service failed to start due to the following
error: %%1053

Error - 06/11/2012 16:11:10 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 06/11/2012 16:11:10 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 07/11/2012 12:03:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 07/11/2012 12:03:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 07/11/2012 12:03:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Frontier Compute Engine
service to connect.

Error - 07/11/2012 12:03:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7000
Description = The Frontier Compute Engine service failed to start due to the following
error: %%1053

Error - 07/11/2012 15:55:56 | Computer Name = MESH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 08/11/2012 13:29:02 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 08/11/2012 13:29:02 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >
 
In post #22 I asked:

The following programs Must be removed:

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) 6 Update 35


Reboot the system when these have been removed.

Do NOT remove:
Java 7 Update 9

Also please remove:
Anvi Smart Defender
We all like getting something for free, but relying on Anvi Smart Defender for antivirus could be an expensive proposition. In testing, it proved almost wholly unable to clean up malware threats and also did a very poor job preventing malware attacks on a clean system. Worse, it repeatedly identified perfectly valid Windows files as malware. You've been warned; stay away.
It also contains an Anti Virus... so it needs to be removed to stop conflicts.


It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG 2013 or Microsoft Security Essentials.
Entirely up to you which you remove.
But if you do need a recommendation.... get rid of AVG and keep MSSE.

All of these are still showing in the report you ran this evening!!
We need to address these before we can carry on.
Please follow the instructions and then run OTL again.
I can only clean up what is left after the items have been removed.

Double click on OTL to run it.
  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

Thanks
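The check described in the post above (are the listed Java versions, Anvi Smart Defender, or a second antivirus still present in the OTL Extras uninstall list?) can be scripted. This is an added example, not part of the thread and not part of OTL; the sample log is constructed from entries on this page, the `{PLACEHOLDER-...}` keys are not real product codes, and the name patterns are assumptions based only on the product names that appear in this thread.

```python
import re

# Constructed sample in the OTL Extras format: '"<key>" = <display name>'.
# Names come from the logs and removal list on this page; placeholder keys are made up.
SAMPLE_LOG = r'''
========== Firewall Settings ==========

"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{PLACEHOLDER-1}" = J2SE Runtime Environment 5.0 Update 10
"{PLACEHOLDER-2}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{C1349E0C-6047-43F2-AFBF-16988F125E5B}" = AVG 2013
"Anvi Smart Defender" = Anvi Smart Defender 1.6
"AVG" = AVG 2013
"Microsoft Security Client" = Microsoft Security Essentials
"7-Zip" = 7-Zip 4.65

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========
'''

SECTION_RE = re.compile(r'^=+ (?P<title>.+?) =+$')
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<name>.*)$')

# Matches Java runtime entries as they are named in this thread, but not "Java Auto Updater".
JAVA_RUNTIME_RE = re.compile(
    r'^(J2SE Runtime Environment|Java\(TM\)( SE Runtime Environment)? \d|Java \d)')

# Assumption: only the antivirus products named in this thread are recognised.
AV_PRODUCTS = {
    "AVG": re.compile(r'^AVG \d'),
    "Microsoft Security Essentials": re.compile(r'^Microsoft Security (Client|Essentials)$'),
    "Anvi Smart Defender": re.compile(r'^Anvi Smart Defender'),
}


def parse_uninstall_lists(text):
    """Return {section title: [(key, display name), ...]} for Uninstall List sections only.

    Other sections (for example the firewall port list) use the same '"key" = value'
    layout, so entries are collected only while inside an Uninstall List section.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            title = header.group("title")
            current = title if title.endswith("Uninstall List") else None
            if current:
                sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            sections[current].append((entry.group("key"), entry.group("name").strip()))
    return sections


def review(sections, keep_java="Java 7 Update 9"):
    """Flag leftover Java runtimes and more than one installed antivirus product."""
    # A product often appears twice (GUID key and plain key), so compare unique names.
    names = sorted({name for entries in sections.values() for _, name in entries})
    java_left = [n for n in names if JAVA_RUNTIME_RE.match(n) and n != keep_java]
    antivirus = sorted(p for p, rx in AV_PRODUCTS.items()
                       if any(rx.match(n) for n in names))
    return {
        "java_to_remove": java_left,
        "antivirus_installed": antivirus,
        "av_conflict": len(antivirus) > 1,
    }


if __name__ == "__main__":
    report = review(parse_uninstall_lists(SAMPLE_LOG))
    for field, value in report.items():
        print(f"{field}: {value}")
```
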
 
In post #22 I asked:



All of these are still showing in the report you ran this evening!!
We need to address these before we can carry on.
Please follow the instructions and then run OTL again.
I can only clean up what is left after the items have been removed.

Double click on OTL to run it.
  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
Thanks

Ah ok, sorry, must have missed those instructions. Now all done (though the add/remove programmes double click was itself somewhat unresponsive - had to right click and open to make programme list visible and often had to try this more than once).

Many thanks!

Report 1:

OTL Extras logfile created on: 18/11/2012 13:15:01 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 376.34 Mb Available Physical Memory | 36.77% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 88.26 Gb Free Space | 38.48% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MESH | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3
"{07FFDC2A-DDCB-4E5E-A3C4-D1B46CF1BF4F}" = Virtual Midi Controller Demo
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID Music Studio 5.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{160F1966-21BA-4FF9-9856-714E0A45DFEF}_is1" = gdTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{1E61538A-D482-4252-BBB7-D892FD52FC50}" = Grabster AV 400
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{295C07FB-4CB7-4060-BDA8-01964D748955}" = WinPOD
"{2C1A70C0-6E4B-4177-8CF7-0B941B268794}" = Serif 3DPlus 3.0
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39B1915D-3CBA-42F8-8A58-2AB5587BF863}" = Microsoft Office PowerPoint 2003 Template Creation Wizard
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3DFA5FC6-C241-4B42-87DF-8AEB0FE975C2}" = Nature Theme 1 Animal
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42151323-36EA-4578-B10C-540CDEE18423}_is1" = XtenDS 8
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F0B76FF-2033-47F2-922B-BF62C366B6C9}" = BlueTunes
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543A5E2A-FEE5-4DA5-AE2C-4668C8652A24}" = WiiMedia Savegame Manager
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620797B0-A022-4B57-A95E-DD7DD0341016}" = HideAnyWindow
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ED4F0D8-E36B-4B33-ACCB-713734897A43}" = Inspyder Finder Trial
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74E03281-FA64-11D3-B8D7-0080C8FCA09C}" = Enemy Engaged RAH66 Comanche Vs KA52 Hokum
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}" = ATI Catalyst Control Center
"{7A98F3A8-5702-4395-950B-5F7C2151CD9B}" = O-Generator Demo
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{839911F0-D9CB-400F-AE78-5D8264F38C42}" = OutRun2006 Coast 2 Coast
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E8AD7D-31B2-4C09-8D96-30D9128C7C40}" = Pacific Combat Pilot
"{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms Blast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B94BE6F-7CA3-4C40-A266-62667FF746CC}" = ATI Drivers
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A79A4843-DDCD-489B-AAEC-5A7FB4E905C9}" = Google Desktop TimeWarp Plugin
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B19C841C-D60A-462F-AB86-4FDD51A77FA3}" = NILE THEME
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE9B7A3D-BB08-427D-9B3E-508568EE90D9}" = gdShutdown
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1BC3E6F-B77B-46D9-A2D4-6849DFE139AF}" = VRC_Demo_v323_English
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1" = Quintessence - The Blighted Venom [Chapter 1 - 11]
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D55D7EE6-3013-47AC-BE71-51AA35A221AB}" = Quake Live Internet Explorer Plugin
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF3ABC1A-CA26-460C-944B-7C9E2C55CB73}" = Google Desktop Plugin - DigiWatch
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAC6915F-7AD3-4247-9CD5-204B2A0C3AC4}" = Pure Motion EditStudio 4
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1A36967-8AF5-4BDB-90BB-F6B2750839E1}" = SynthEdit
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7C6D087-D5D6-46F8-857D-BBD6D26289D3}" = Safester
"{F7D767EF-0AA7-4F0B-809D-1E021893811A}" = VirtualBox OSE
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Addon RT6x Wireless LAN Card
"{FAC5A618-C41C-485F-826C-3589BDA34CE7}" = BOINC
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"A9CD4C7D-6D93-4B56-A226-1D28DB060A87_is1" = Test Tone Generator 4.2
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMars" = Kids Cam Sticker Factory
"Akamai" = Akamai NetSession Interface Service
"Alien Arena 2010_is1" = Alien Arena 2010
"All ATI Software" = ATI - Software Uninstall Utility
"Alpha 3" = Alpha 3
"AnalogX SayIt" = AnalogX SayIt
"Apache Havoc" = Apache Havoc
"Apache Havoc Patch 1.1" = Apache Havoc Patch 1.1
"Artillery2 CM Edition" = Artillery2 CM Edition
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"Battleships Forever_is1" = Battleships Forever v0.90d
"BRACX2_is1" = Bratz Activity Centre
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CCleaner" = CCleaner
"CE Launcher_is1" = 1.0
"Chain Reaction Demo" = Chain Reaction Demo (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"Collab" = Collab
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DJ Mix Pro" = DJ Mix Pro
"DLDIrc" = DLDIrc
"Doctor.scr" = Doctor ScreenSaver
"dreamDeals Plugin_is1" = dreamDeals Plugin 1.0
"Electric Sheep" = Electric Sheep 2.7b26
"eMule" = eMule
"Ewisoft Website Builder (include eCommerce Builder)_is1" = Ewisoft Website Builder (include eCommerce Builder)
"Expression Tone Generator" = Expression Tone Generator
"Eyewitness History of the World 2.0" = Eyewitness History of the World 2.0
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"FL Studio 8" = FL Studio 8
"FlightGear_is1" = FlightGear v1.0.0
"foldit" = foldit
"Frets on Fire" = Frets On Fire
"Frontier Compute Engine" = Frontier Compute Engine
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"HF_screensaver" = HF_screensaver
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iF/A-18" = iF/A-18 Carrier Strike Fighter
"igLoader" = igLoader
"IL Download Manager" = IL Download Manager
"Impulse" = Impulse
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InterActual Player" = InterActual Player
"Intermorphic Noatikl_is1" = Intermorphic Noatikl 1.5
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"LETHAL JUDGMENT 2 - Orbital Apocalypse_is1" = Version 1.0
"Lethal Judgment 3 End Game_is1" = Lethal Judgment 3 1.0
"MAGIX Music Maker 14 silver UK" = MAGIX Music Maker 14 silver 13.0.1.10 (UK)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Muddle Earth" = Muddle Earth Screen Saver
"MultiGen" = MultiGen
"Music Editing System" = Music Editing System
"Net Snippets" = Net Snippets
"NetBattle_is1" = NetBattle
"Nimbuzz" = Nimbuzz 1.5.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = oggcodecs 0.71.0946
"Onelog_Client_1.0" = MultiResource Client 2.8.0.11
"OpenAL" = OpenAL
"Orb" = Orb
"PoiZone" = PoiZone
"Pokémon Reader 2_is1" = Pokémon Reader 2 (Build 53)
"POL Map editor" = POL Map editor
"Polychromatic Funk Monkey_is1" = Polychromatic Funk Monkey 1.4
"PunkBusterSvc" = PunkBuster Services
"Puzzle Pirates" = Puzzle Pirates
"Reaktor Demo" = Reaktor Demo
"RealPlayer 6.0" = RealPlayer
"ReCycle Demo_is1" = ReCycle Demo 2.1.2
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"ST6UNST #1" = Bedfordshire Prime
"ST6UNST #2" = ER- 0 Drum Synth
"Starsiege TRIBES" = Starsiege TRIBES 1.8
"Steam App 11910" = Lumines Demo
"Steam App 13140" = America's Army 3
"Steam App 1502" = Darwinia Demo
"Steam App 18610" = Mayhem Intergalactic Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 18800" = Zero Gear Demo
"Steam App 20720" = Starscape Demo
"Steam App 21510" = Pyroblazer Demo
"Steam App 219" = Half-Life 2: Demo
"Steam App 22220" = Zeno Clash Demo
"Steam App 22620" = Alien Breed: Impact Demo
"Steam App 23480" = Ceville - Demo
"Steam App 26810" = Braid Demo
"Steam App 2730" = ThreadSpace: Hyperbol Demo
"Steam App 29110" = Retro/Grade IGF Demo
"Steam App 29140" = Between IGF Demo
"Steam App 29170" = Blueberry Garden Demo
"Steam App 29200" = Osmos Demo
"Steam App 32159" = Everyday Genius: SquareLogic Demo
"Steam App 3412" = Heavy Weapon Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 34930" = Razor2: Hidden Skies - Demo
"Steam App 35710" = Trine Demo
"Steam App 36920" = All Aspects of Warfare - Demo
"Steam App 37510" = Magnetis Demo
"Steam App 37810" = QuantZ Demo
"Steam App 3840" = Psychonauts Demo
"Steam App 38910" = Rhythm Zone - Demo
"Steam App 40430" = Tidalis Demo
"Steam App 40710" = Machinarium Demo
"Steam App 410" = Portal: First Slice
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41020" = Serious Sam HD: The First Encounter Demo
"Steam App 41220" = Eufloria - Demo
"Steam App 42510" = Dogfighter Demo
"Steam App 4330" = Star Trek: D·A·C - Demo
"Steam App 44205" = Galcon Fusion Demo
"Steam App 45430" = Fortix - Demo
"Steam App 46010" = Bob Came in Pieces Demo
"Steam App 4610" = Full Pipe Demo
"Steam App 46610" = Swarm Arena Demo
"Steam App 480" = Spacewar
"Steam App 57210" = Puzzle Dimension Demo
"Steam App 58220" = Jolly Rover Demo
"Steam App 58410" = Turba Demo
"Steam App 6110" = Eets Demo
"Steam App 70310" = VVVVVV Demo
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 70910" = Star Ruler - Demo
"Steam App 8900" = Freedom Force - Demo
"Steam App 8910" = Freedom Force vs. the 3rd Reich - Demo
"Steam App 92" = Codename Gordon
"Steam App 9950" = Blade Kitten Demo
"Synaesthete_is1" = Synaesthete (v1.0)
"SystemRequirementsLab" = System Requirements Lab
"Tremulous" = Tremulous 1.1.0
"Tribes 2" = Tribes 2
"Ultrafighters" = Ultrafighters
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Vimidi_is1" = Vimidi 1.0
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Warp Pipe" = Warp Pipe Beta
"WarZone Client v1.0.44" = WarZone Client v1.0.44
"WavePad" = WavePad Sound Editor
"WFCStatus" = WFCStatus 1.5.0.10
"Wii Video 9" = Wii Video 9 2.25
"WildSnake Pinball: Christmas Tree_is1" = WildSnake Pinball: Christmas Tree 1.34
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Pokemon - Den of Ages" = Pokemon - Den of Ages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/11/2012 15:12:42 | Computer Name = MESH | Source = NativeWrapper | ID = 5000
Description =

Error - 17/11/2012 16:47:47 | Computer Name = MESH | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 17/11/2012 16:47:50 | Computer Name = MESH | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error - 17/11/2012 16:47:52 | Computer Name = MESH | Source = NativeWrapper | ID = 5000
Description =

Error - 18/11/2012 06:53:04 | Computer Name = MESH | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module
hpwucli.exe, version 5.0.8.1, fault address 0x00004607.

Error - 18/11/2012 08:34:27 | Computer Name = MESH | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2012 08:34:31 | Computer Name = MESH | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2012 08:46:04 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 18/11/2012 08:50:30 | Computer Name = MESH | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2012 09:01:21 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

[ System Events ]
Error - 18/11/2012 08:19:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2012 08:19:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2012 08:19:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2012 08:19:48 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/11/2012 08:31:32 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 18/11/2012 08:31:32 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 18/11/2012 08:45:26 | Computer Name = MESH | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends on the following nonexistent service:
AVGIDSDriver

Error - 18/11/2012 08:45:26 | Computer Name = MESH | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3758161939
(0xE0010013).

Error - 18/11/2012 09:01:02 | Computer Name = MESH | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends on the following nonexistent service:
AVGIDSDriver

Error - 18/11/2012 09:01:02 | Computer Name = MESH | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3758161981
(0xE001003D).


< End of report >



Report 2:

OTL logfile created on: 18/11/2012 13:15:00 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 376.34 Mb Available Physical Memory | 36.77% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 88.26 Gb Free Space | 38.48% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MESH | User Name:| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontier.exe (Parabon Computation, Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_sn2s_vina_prod_x86.exe.6.20 ()
PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_sn2s_vina_6.20_windows_intelx86 ()
PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_gfam_vina_prod_x86.exe.6.12 ()
PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_gfam_vina_6.12_windows_intelx86 ()
PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.)
PRC - C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_sn2s_vina_prod_x86.exe.6.20 ()
MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_sn2s_vina_6.20_windows_intelx86 ()
MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_gfam_vina_prod_x86.exe.6.12 ()
MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\www.worldcommunitygrid.org\wcgrid_gfam_vina_6.12_windows_intelx86 ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1de8e1c\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_353abf6a\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe8bae91\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6c105c62\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_157634b6\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\DiagFunc.dll ()
MOD - C:\Program Files\BOINC\cudart.dll ()
MOD - C:\Program Files\BOINC\zlib1.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\ImageBadger\extib.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll ()
MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll ()
MOD - C:\WINDOWS\system32\vmcmidiport.dll ()
MOD - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll ()
MOD - C:\WINDOWS\AppPatch\AlLayer.dll ()


========== Services (SafeList) ==========

SRV - (rpcapd) -- %ProgramFiles%\WinPcap\rpcapd.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Frontier Compute Engine) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Frontier Update Service) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.)
SRV - (RalinkRegistryWriter) -- C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (CFcatchme) -- C:\DOCUME~1\\LOCALS~1\Temp\CFcatchme.sys File not found
DRV - (catchme) -- C:\ComboFi\catchme.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (VBoxDrv) -- C:\Program Files\Sun\VirtualBox OSE\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (BLKWGU(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (m5287) -- C:\WINDOWS\system32\drivers\m5287.sys (ULi Electronics Inc.)
DRV - (m5289) -- C:\WINDOWS\system32\drivers\m5289.sys (ULi Electronics Inc.)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iComp) -- C:\WINDOWS\system32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-2sDKcDEApIF3bXpdzZjJfrBHrc?q={searchTerms}
IE - HKCU\..\SearchScopes\{C2353BDA-19DB-4F7E-936F-2EAA9D89C0AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=10: C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/01 16:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/17 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Extensions
[2012/10/30 08:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\extensions
[2012/11/18 12:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/01 16:12:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/07 07:29:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/25 18:12:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/10/31 21:37:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (Net Snippets) - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk = C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156003235671 (MUWebControl Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://cloverleafgames.com/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnuk.oberon-media.com/online2/MSN_INTL_UK/insaniquarium_non_zylom/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AF84D6-C5B5-4117-B363-6E563C03BE00}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5472BD3-8BB9-4176-9B87-A8C28AB2C5CC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/25 09:00:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 13:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Avg2013
[2012/11/05 10:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempFDFE5C73-D615-8C64-76E1-211BA9DCFA2C-Signatures
[2012/11/04 09:27:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp50C8A26A-3FEA-478A-F4F9-D800502FC839-Signatures
[2012/11/04 09:18:45 | 000,000,000 | ---D | C] -- C:\a5dbb2febf5f6f4c8dba390a9f3a
[2012/11/01 21:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempDE7E0D27-FB35-C35B-7EA0-A145C4FA2B21-Signatures
[2012/11/01 18:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/11/01 18:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/01 18:14:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/11/01 16:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/01 12:58:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/31 21:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/10/31 20:35:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/31 20:33:50 | 000,000,000 | ---D | C] -- C:\ComboFi
[2012/10/31 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Zipeg
[2012/10/31 12:13:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2012/10/31 09:56:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\\Start Menu\Programs\Administrative Tools
[2012/10/31 09:54:53 | 004,991,994 | R--- | C] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe
[2012/10/31 09:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/31 09:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/31 09:51:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/31 09:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/30 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\n\Local Settings\Application Data\Unity
[2012/10/29 21:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\RK_Quarantine
[2012/10/28 16:18:56 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/10/28 16:18:56 | 000,757,852 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2012/10/28 16:18:56 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/10/28 16:18:56 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2012/10/28 16:18:56 | 000,143,459 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2012/10/28 16:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Addon Wireless
[2012/10/28 16:18:38 | 000,500,096 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt61.sys
[2012/10/28 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Addon Driver
[2012/10/28 16:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Addon
[2012/10/28 11:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Sun
[2012/10/26 17:54:42 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/26 17:54:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/22 20:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HideAnyWindow
[2012/10/22 20:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\HideAnyWindow
[2006/06/18 16:24:55 | 000,163,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\pfbackup.exe
[2006/06/18 16:18:39 | 005,566,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vviewer.exe
[2006/06/18 16:13:17 | 002,931,992 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LEO_Setup.EXE
[2006/06/18 16:11:13 | 001,389,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttmpl3.exe
[2006/06/18 16:10:43 | 000,480,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Sounds.EXE
[2006/06/18 16:09:50 | 000,330,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttpwiz.exe
[2006/06/17 17:56:41 | 002,053,688 | ---- | C] (Google) -- C:\Program Files\GoogleDesktopSetup.exe
[2006/06/15 16:29:11 | 024,070,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2006/06/15 15:37:21 | 017,357,552 | ---- | C] (The LEGO Group) -- C:\Program Files\Lego Designer.exe
[2006/06/15 15:29:04 | 037,311,488 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/18 13:21:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D665C24D-DAD0-4076-8D6C-97D8FCC394E5}.job
[2012/11/18 13:19:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/18 13:09:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/18 13:08:53 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/18 13:01:37 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/18 12:59:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 12:58:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/18 12:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 11:50:18 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6B9DDA16-430C-4C97-BD40-7A58000A54AD}.job
[2012/11/16 15:19:17 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/16 11:47:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/16 11:43:56 | 000,426,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/16 11:43:56 | 000,068,894 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/05 13:30:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/10/31 21:37:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/31 20:32:55 | 004,991,994 | R--- | M] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe
[2012/10/31 12:13:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2012/10/31 10:09:04 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk
[2012/10/30 21:16:09 | 000,000,678 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
[2012/10/30 21:13:30 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk
[2012/10/28 16:18:53 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk
[2012/10/26 17:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/26 17:53:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/26 17:53:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/26 17:53:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/26 17:53:58 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/22 08:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/10/22 08:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/10/20 17:27:27 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/05 15:44:24 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/05 15:44:13 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/10/31 20:35:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/10/31 10:09:04 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk
[2012/10/31 09:51:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/31 09:51:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/31 09:51:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/31 09:51:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/31 09:51:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/30 21:13:30 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk
[2012/10/30 21:11:19 | 000,000,678 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
[2012/10/28 16:18:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/10/28 16:18:56 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/10/28 16:18:56 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/10/28 16:18:53 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk
[2012/10/20 17:27:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012/10/20 17:27:27 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012/09/12 09:58:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/26 11:28:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/15 08:38:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/30 17:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2006/09/12 17:39:15 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\\Application Data\wklnhst.dat
[2006/08/19 15:54:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\\Application Data\dm.ini
[2006/08/13 13:08:20 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 16:42:53 | 000,299,078 | ---- | C] () -- C:\Program Files\10131610.cab
[2006/06/18 16:23:42 | 006,571,008 | ---- | C] () -- C:\Program Files\Nile_Theme_EN.msi
[2006/06/18 16:22:33 | 001,638,400 | ---- | C] () -- C:\Program Files\Nature Theme 1 - Animal_EN.msi
[2006/06/18 16:19:32 | 003,830,526 | ---- | C] () -- C:\Program Files\WM Components 2.0.2.dmg
[2006/06/18 15:56:03 | 000,863,616 | ---- | C] () -- C:\Program Files\Epic Pinball.zip
[2006/06/17 16:21:23 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/15 16:12:17 | 001,062,523 | ---- | C] () -- C:\Program Files\Peps Football Pinball Game.zip
[2006/05/27 10:53:46 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/05/19 18:59:33 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2010/12/09 15:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L
[2012/11/08 20:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U
[2005/11/25 09:10:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc


< End of report >
 
Hi plumtast

Thanks for that, now we can start to clean up the report:

Step 1
Double click on OTL to run it.
Copy the lines in the codebox below (make sure that :Otl is on the first line).
Code:
:otl
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-2sDKcDEApIF3bXpdzZjJfrBHrc?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnuk.oberon-media.com/online...ploader_v6.cab (PopCapLoader Object)
[2012/11/18 13:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Avg2013

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the red Run Fix button.

  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles



Step 2
I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image: esetOnline.png] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image: esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image: esetSmartInstallDesktopIcon.png] icon on your desktop.
  • Check [image: esetAcceptTerms.png]
  • Click the [image: esetStart.png] button.
  • Accept any security warnings from your browser.
  • Check [image: esetScanArchives.png]
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image: esetListThreats.png]
  • Click [image: esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the [image: esetBack.png] button.
  • Click [image: esetFinish.png]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

In your next reply, please submit:
Otl fix report
Eset scan report

Thanks
 