plumtast (Author) Posted November 8, 2012

Extras:

OTL Extras logfile created on: 08/11/2012 20:01:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 455.36 Mb Available Physical Memory | 44.49% Memory free
2.40 Gb Paging File | 1.44 Gb Available in Paging File | 59.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 89.53 Gb Free Space | 39.04% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MESH | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1119:TCP" = 1119:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3
"{07FFDC2A-DDCB-4E5E-A3C4-D1B46CF1BF4F}" = Virtual Midi Controller Demo
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID Music Studio 5.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008
"{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{160F1966-21BA-4FF9-9856-714E0A45DFEF}_is1" = gdTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{1E61538A-D482-4252-BBB7-D892FD52FC50}" = Grabster AV 400
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{295C07FB-4CB7-4060-BDA8-01964D748955}" = WinPOD
"{2C1A70C0-6E4B-4177-8CF7-0B941B268794}" = Serif 3DPlus 3.0
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39B1915D-3CBA-42F8-8A58-2AB5587BF863}" = Microsoft Office PowerPoint 2003 Template Creation Wizard
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3DFA5FC6-C241-4B42-87DF-8AEB0FE975C2}" = Nature Theme 1 Animal
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42151323-36EA-4578-B10C-540CDEE18423}_is1" = XtenDS 8
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F0B76FF-2033-47F2-922B-BF62C366B6C9}" = BlueTunes
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543A5E2A-FEE5-4DA5-AE2C-4668C8652A24}" = WiiMedia Savegame Manager
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620797B0-A022-4B57-A95E-DD7DD0341016}" = HideAnyWindow
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ED4F0D8-E36B-4B33-ACCB-713734897A43}" = Inspyder Finder Trial
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74E03281-FA64-11D3-B8D7-0080C8FCA09C}" = Enemy Engaged RAH66 Comanche Vs KA52 Hokum
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}" = ATI Catalyst Control Center
"{7A98F3A8-5702-4395-950B-5F7C2151CD9B}" = O-Generator Demo
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{839911F0-D9CB-400F-AE78-5D8264F38C42}" = OutRun2006 Coast 2 Coast
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E8AD7D-31B2-4C09-8D96-30D9128C7C40}" = Pacific Combat Pilot
"{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms Blast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B94BE6F-7CA3-4C40-A266-62667FF746CC}" = ATI Drivers
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A79A4843-DDCD-489B-AAEC-5A7FB4E905C9}" = Google Desktop TimeWarp Plugin
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B19C841C-D60A-462F-AB86-4FDD51A77FA3}" = NILE THEME
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE9B7A3D-BB08-427D-9B3E-508568EE90D9}" = gdShutdown
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1349E0C-6047-43F2-AFBF-16988F125E5B}" = AVG 2013
"{C1BC3E6F-B77B-46D9-A2D4-6849DFE139AF}" = VRC_Demo_v323_English
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1" = Quintessence - The Blighted Venom [Chapter 1 - 11]
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D55D7EE6-3013-47AC-BE71-51AA35A221AB}" = Quake Live Internet Explorer Plugin
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF3ABC1A-CA26-460C-944B-7C9E2C55CB73}" = Google Desktop Plugin - DigiWatch
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAC6915F-7AD3-4247-9CD5-204B2A0C3AC4}" = Pure Motion EditStudio 4
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1A36967-8AF5-4BDB-90BB-F6B2750839E1}" = SynthEdit
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7C6D087-D5D6-46F8-857D-BBD6D26289D3}" = Safester
"{F7D767EF-0AA7-4F0B-809D-1E021893811A}" = VirtualBox OSE
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Addon RT6x Wireless LAN Card
"{FAC5A618-C41C-485F-826C-3589BDA34CE7}" = BOINC
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"A9CD4C7D-6D93-4B56-A226-1D28DB060A87_is1" = Test Tone Generator 4.2
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIMars" = Kids Cam Sticker Factory
"Akamai" = Akamai NetSession Interface Service
"Alien Arena 2010_is1" = Alien Arena 2010
"All ATI Software" = ATI - Software Uninstall Utility
"Alpha 3" = Alpha 3
"AnalogX SayIt" = AnalogX SayIt
"Anvi Smart Defender" = Anvi Smart Defender 1.6
"Apache Havoc" = Apache Havoc
"Apache Havoc Patch 1.1" = Apache Havoc Patch 1.1
"Artillery2 CM Edition" = Artillery2 CM Edition
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2013
"AviSynth" = AviSynth 2.5
"Battleships Forever_is1" = Battleships Forever v0.90d
"BRACX2_is1" = Bratz Activity Centre
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CCleaner" = CCleaner
"CE Launcher_is1" = 1.0
"Chain Reaction Demo" = Chain Reaction Demo (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"Collab" = Collab
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DJ Mix Pro" = DJ Mix Pro
"DLDIrc" = DLDIrc
"Doctor.scr" = Doctor ScreenSaver
"dreamDeals Plugin_is1" = dreamDeals Plugin 1.0
"Electric Sheep" = Electric Sheep 2.7b26
"eMule" = eMule
"Ewisoft Website Builder (include eCommerce Builder)_is1" = Ewisoft Website Builder (include eCommerce Builder)
"Expression Tone Generator" = Expression Tone Generator
"Eyewitness History of the World 2.0" = Eyewitness History of the World 2.0
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"FL Studio 8" = FL Studio 8
"FlightGear_is1" = FlightGear v1.0.0
"foldit" = foldit
"Frets on Fire" = Frets On Fire
"Frontier Compute Engine" = Frontier Compute Engine
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"HF_screensaver" = HF_screensaver
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iF/A-18" = iF/A-18 Carrier Strike Fighter
"igLoader" = igLoader
"IL Download Manager" = IL Download Manager
"Impulse" = Impulse
"InstallShield_{150FEA49-4039-4458-B9D0-F19CC17229FE}" = LEGO Star Wars 2 DEMO
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InterActual Player" = InterActual Player
"Intermorphic Noatikl_is1" = Intermorphic Noatikl 1.5
"IrfanView" = IrfanView (remove only)
"KartRider" = ?????
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"LETHAL JUDGMENT 2 - Orbital Apocalypse_is1" = Version 1.0
"Lethal Judgment 3 End Game_is1" = Lethal Judgment 3 1.0
"MAGIX Music Maker 14 silver UK" = MAGIX Music Maker 14 silver 13.0.1.10 (UK)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Muddle Earth" = Muddle Earth Screen Saver
"MultiGen" = MultiGen
"Music Editing System" = Music Editing System
"Net Snippets" = Net Snippets
"NetBattle_is1" = NetBattle
"Nimbuzz" = Nimbuzz 1.5.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = oggcodecs 0.71.0946
"Onelog_Client_1.0" = MultiResource Client 2.8.0.11
"OpenAL" = OpenAL
"Orb" = Orb
"PoiZone" = PoiZone
"Pokémon Reader 2_is1" = Pokémon Reader 2 (Build 53)
"POL Map editor" = POL Map editor
"Polychromatic Funk Monkey_is1" = Polychromatic Funk Monkey 1.4
"PunkBusterSvc" = PunkBuster Services
"Puzzle Pirates" = Puzzle Pirates
"Reaktor Demo" = Reaktor Demo
"RealPlayer 6.0" = RealPlayer
"ReCycle Demo_is1" = ReCycle Demo 2.1.2
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"ST6UNST #1" = Bedfordshire Prime
"ST6UNST #2" = ER- 0 Drum Synth
"Starsiege TRIBES" = Starsiege TRIBES 1.8
"Steam App 11910" = Lumines Demo
"Steam App 13140" = America's Army 3
"Steam App 1502" = Darwinia Demo
"Steam App 18610" = Mayhem Intergalactic Demo
"Steam App 18710" = And Yet it Moves - Demo
"Steam App 18800" = Zero Gear Demo
"Steam App 20720" = Starscape Demo
"Steam App 21510" = Pyroblazer Demo
"Steam App 219" = Half-Life 2: Demo
"Steam App 22220" = Zeno Clash Demo
"Steam App 22620" = Alien Breed: Impact Demo
"Steam App 23480" = Ceville - Demo
"Steam App 26810" = Braid Demo
"Steam App 2730" = ThreadSpace: Hyperbol Demo
"Steam App 29110" = Retro/Grade IGF Demo
"Steam App 29140" = Between IGF Demo
"Steam App 29170" = Blueberry Garden Demo
"Steam App 29200" = Osmos Demo
"Steam App 32159" = Everyday Genius: SquareLogic Demo
"Steam App 3412" = Heavy Weapon Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 34930" = Razor2: Hidden Skies - Demo
"Steam App 35710" = Trine Demo
"Steam App 36920" = All Aspects of Warfare - Demo
"Steam App 37510" = Magnetis Demo
"Steam App 37810" = QuantZ Demo
"Steam App 3840" = Psychonauts Demo
"Steam App 38910" = Rhythm Zone - Demo
"Steam App 40430" = Tidalis Demo
"Steam App 40710" = Machinarium Demo
"Steam App 410" = Portal: First Slice
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41020" = Serious Sam HD: The First Encounter Demo
"Steam App 41220" = Eufloria - Demo
"Steam App 42510" = Dogfighter Demo
"Steam App 4330" = Star Trek: D·A·C - Demo
"Steam App 44205" = Galcon Fusion Demo
"Steam App 45430" = Fortix - Demo
"Steam App 46010" = Bob Came in Pieces Demo
"Steam App 4610" = Full Pipe Demo
"Steam App 46610" = Swarm Arena Demo
"Steam App 480" = Spacewar
"Steam App 57210" = Puzzle Dimension Demo
"Steam App 58220" = Jolly Rover Demo
"Steam App 58410" = Turba Demo
"Steam App 6110" = Eets Demo
"Steam App 70310" = VVVVVV Demo
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 70910" = Star Ruler - Demo
"Steam App 8900" = Freedom Force - Demo
"Steam App 8910" = Freedom Force vs. the 3rd Reich - Demo
"Steam App 92" = Codename Gordon
"Steam App 9950" = Blade Kitten Demo
"Synaesthete_is1" = Synaesthete (v1.0)
"SystemRequirementsLab" = System Requirements Lab
"Tremulous" = Tremulous 1.1.0
"Tribes 2" = Tribes 2
"Ultrafighters" = Ultrafighters
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Vimidi_is1" = Vimidi 1.0
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Warp Pipe" = Warp Pipe Beta
"WarZone Client v1.0.44" = WarZone Client v1.0.44
"WavePad" = WavePad Sound Editor
"WFCStatus" = WFCStatus 1.5.0.10
"Wii Video 9" = Wii Video 9 2.25
"WildSnake Pinball: Christmas Tree_is1" = WildSnake Pinball: Christmas Tree 1.34
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Pokemon - Den of Ages" = Pokemon - Den of Ages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/11/2012 11:37:47 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 05/11/2012 14:32:16 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 05/11/2012 16:57:21 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 05/11/2012 16:58:53 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 05/11/2012 17:29:33 | Computer Name = MESH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/11/2012 16:26:26 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 07/11/2012 12:02:52 | Computer Name = MESH | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.

Error - 07/11/2012 14:57:38 | Computer Name = MESH | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 08/11/2012 13:30:48 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 08/11/2012 14:04:58 | Computer Name = MESH | Source = MsiInstaller | ID = 11406
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value AVG_UI to key \SOFTWARE\Microsoft\Windows\CurrentVersion\Run. System error . Verify that you have sufficient access to that key, or contact your support personnel.

[ System Events ]
Error - 05/11/2012 16:58:25 | Computer Name = MESH | Source = Service Control Manager | ID = 7000
Description = The Frontier Compute Engine service failed to start due to the following error: %%1053

Error - 06/11/2012 16:11:10 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 06/11/2012 16:11:10 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 07/11/2012 12:03:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 07/11/2012 12:03:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 07/11/2012 12:03:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Frontier Compute Engine service to connect.

Error - 07/11/2012 12:03:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7000
Description = The Frontier Compute Engine service failed to start due to the following error: %%1053

Error - 07/11/2012 15:55:56 | Computer Name = MESH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 08/11/2012 13:29:02 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 08/11/2012 13:29:02 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

< End of report >

Starbuck Posted November 8, 2012

In post #22 I asked:

> The following programs Must be removed:
>
> J2SE Runtime Environment 5.0 Update 1
> J2SE Runtime Environment 5.0 Update 7
> J2SE Runtime Environment 5.0 Update 9
> J2SE Runtime Environment 5.0 Update 10
> J2SE Runtime Environment 5.0 Update 11
> Java SE Runtime Environment 6 Update 1
> Java 6 Update 2
> Java 6 Update 3
> Java 6 Update 5
> Java 6 Update 7
> Java 6 Update 35
>
> Reboot the system when these have been removed.
>
> Do NOT remove:
> Java 7 Update 9
>
> Also please remove:
> Anvi Smart Defender
>
> We all like getting something for free, but relying on Anvi Smart Defender for antivirus could be an expensive proposition. In testing, it proved almost wholly unable to clean up malware threats and also did a very poor job preventing malware attacks on a clean system. Worse, it repeatedly identified perfectly valid Windows files as malware. You've been warned; stay away.
>
> It also contains an Anti Virus... so it needs to be removed to stop conflicts.
>
> It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.
>
> In general terms, the two programs may conflict and cause:
> 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
> 2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
>
> Therefore please go to add/remove in the control panel and remove either AVG 2013 or Microsoft Security Essentials. Entirely up to you which you remove. But if you do need a recommendation.... get rid of AVG and keep MSSE.

All of these are still showing in the report you ran this evening!!
We need to address these before we can carry on.

Please follow the instructions and then run OTL again.
I can only clean up what is left after the items have been removed.

Double click on OTL to run it.
Under Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.

Thanks

Member of: UNITE

plumtast Posted November 18, 2012 Author

In post #22 I asked: All of these are still showing in the report you ran this evening!! We need to address these before we can carry on. Please follow the instructions and then run OTL again. I can only clean up what is left after the items have been removed. Double click on OTL to run it. Under Extra Registry section, select Use SafeList. Don't check the boxes beside 'LOP Check' and 'Purity Check' this time. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. Thanks

Ah ok, sorry, must have missed those instructions. Now all done (though the add/remove programmes double click was itself somewhat unresponsive - had to right click and open to make programme list visible and often had to try this more than once). Many thanks!

Report 1:

OTL Extras logfile created on: 18/11/2012 13:15:01 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 376.34 Mb Available Physical Memory | 36.77% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 88.26 Gb Free Space | 38.48% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MESH | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3 "{07FFDC2A-DDCB-4E5E-A3C4-D1B46CF1BF4F}" = Virtual Midi Controller Demo "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds "{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID Music Studio 5.0 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1446A30C-6DAF-461E-96B1-31C554870082}_is1" = Tag - IGF Professional 2008 "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig "{160F1966-21BA-4FF9-9856-714E0A45DFEF}_is1" = gdTunes "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help "{1E61538A-D482-4252-BBB7-D892FD52FC50}" = Grabster AV 400 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{295C07FB-4CB7-4060-BDA8-01964D748955}" = WinPOD "{2C1A70C0-6E4B-4177-8CF7-0B941B268794}" = Serif 3DPlus 3.0 "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK 
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{39B1915D-3CBA-42F8-8A58-2AB5587BF863}" = Microsoft Office PowerPoint 2003 Template Creation Wizard "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{3DFA5FC6-C241-4B42-87DF-8AEB0FE975C2}" = Nature Theme 1 Animal "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1 "{42151323-36EA-4578-B10C-540CDEE18423}_is1" = XtenDS 8 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{4F0B76FF-2033-47F2-922B-BF62C366B6C9}" = BlueTunes "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{543A5E2A-FEE5-4DA5-AE2C-4668C8652A24}" = WiiMedia Savegame Manager "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{620797B0-A022-4B57-A95E-DD7DD0341016}" = HideAnyWindow "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI 
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ED4F0D8-E36B-4B33-ACCB-713734897A43}" = Inspyder Finder Trial "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{74E03281-FA64-11D3-B8D7-0080C8FCA09C}" = Enemy Engaged RAH66 Comanche Vs KA52 Hokum "{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}" = ATI Catalyst Control Center "{7A98F3A8-5702-4395-950B-5F7C2151CD9B}" = O-Generator Demo "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{839911F0-D9CB-400F-AE78-5D8264F38C42}" = OutRun2006 Coast 2 Coast "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{87E8AD7D-31B2-4C09-8D96-30D9128C7C40}" = Pacific Combat Pilot "{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms Blast "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 
2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English) "{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3 "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy "{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B94BE6F-7CA3-4C40-A266-62667FF746CC}" = ATI Drivers "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "{A79A4843-DDCD-489B-AAEC-5A7FB4E905C9}" = Google Desktop TimeWarp Plugin "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B19C841C-D60A-462F-AB86-4FDD51A77FA3}" = NILE THEME "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig 
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100 "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A "{BE9B7A3D-BB08-427D-9B3E-508568EE90D9}" = gdShutdown "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1BC3E6F-B77B-46D9-A2D4-6849DFE139AF}" = VRC_Demo_v323_English "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1" = Quintessence - The Blighted Venom [Chapter 1 - 11] "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D55D7EE6-3013-47AC-BE71-51AA35A221AB}" = Quake Live Internet Explorer Plugin "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer "{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari "{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{DF3ABC1A-CA26-460C-944B-7C9E2C55CB73}" = Google Desktop Plugin - DigiWatch "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{EAC6915F-7AD3-4247-9CD5-204B2A0C3AC4}" = Pure Motion EditStudio 4 "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1 "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F1A36967-8AF5-4BDB-90BB-F6B2750839E1}" = SynthEdit "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F7C6D087-D5D6-46F8-857D-BBD6D26289D3}" = Safester 
"{F7D767EF-0AA7-4F0B-809D-1E021893811A}" = VirtualBox OSE "{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Addon RT6x Wireless LAN Card "{FAC5A618-C41C-485F-826C-3589BDA34CE7}" = BOINC "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 4.65 "A9CD4C7D-6D93-4B56-A226-1D28DB060A87_is1" = Test Tone Generator 4.2 "Adobe AIR" = Adobe AIR "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AIMars" = Kids Cam Sticker Factory "Akamai" = Akamai NetSession Interface Service "Alien Arena 2010_is1" = Alien Arena 2010 "All ATI Software" = ATI - Software Uninstall Utility "Alpha 3" = Alpha 3 "AnalogX SayIt" = AnalogX SayIt "Apache Havoc" = Apache Havoc "Apache Havoc Patch 1.1" = Apache Havoc Patch 1.1 "Artillery2 CM Edition" = Artillery2 CM Edition "ASIO4ALL" = ASIO4ALL "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "AviSynth" = AviSynth 2.5 "Battleships Forever_is1" = Battleships Forever v0.90d "BRACX2_is1" = Bratz Activity Centre "Build Your Own Net Dream" = Build Your Own Net Dream (remove only) "CCleaner" = CCleaner "CE Launcher_is1" = 1.0 "Chain Reaction Demo" = Chain Reaction Demo (remove only) "CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem "Collab" = Collab "Combat Flight Simulator 1.00" = Microsoft 
Combat Flight Simulator "Cool Edit Pro 2.0" = Cool Edit Pro 2.0 "CopernicDesktopSearch2" = Copernic Desktop Search - Home "CutePDF Writer Installation" = CutePDF Writer 2.8 "Defraggler" = Defraggler "DivX Content Uploader" = DivX Content Uploader "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "DJ Mix Pro" = DJ Mix Pro "DLDIrc" = DLDIrc "Doctor.scr" = Doctor ScreenSaver "dreamDeals Plugin_is1" = dreamDeals Plugin 1.0 "Electric Sheep" = Electric Sheep 2.7b26 "eMule" = eMule "Ewisoft Website Builder (include eCommerce Builder)_is1" = Ewisoft Website Builder (include eCommerce Builder) "Expression Tone Generator" = Expression Tone Generator "Eyewitness History of the World 2.0" = Eyewitness History of the World 2.0 "Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition "FL Studio 8" = FL Studio 8 "FlightGear_is1" = FlightGear v1.0.0 "foldit" = foldit "Frets on Fire" = Frets On Fire "Frontier Compute Engine" = Frontier Compute Engine "GamersFirst LIVE!" = GamersFirst LIVE! 
"Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "HammerHead Rhythm Station" = HammerHead Rhythm Station "HF_screensaver" = HF_screensaver "HP Document Viewer" = HP Document Viewer 7.0 "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "iF/A-18" = iF/A-18 Carrier Strike Fighter "igLoader" = igLoader "IL Download Manager" = IL Download Manager "Impulse" = Impulse "InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility "InterActual Player" = InterActual Player "Intermorphic Noatikl_is1" = Intermorphic Noatikl 1.5 "IrfanView" = IrfanView (remove only) "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14 "LETHAL JUDGMENT 2 - Orbital Apocalypse_is1" = Version 1.0 "Lethal Judgment 3 End Game_is1" = Lethal Judgment 3 1.0 "MAGIX Music Maker 14 silver UK" = MAGIX Music Maker 14 silver 13.0.1.10 (UK) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mnemosyne_is1" = Mnemosyne 1.2.2 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Muddle Earth" = Muddle Earth Screen Saver "MultiGen" = MultiGen "Music Editing System" = Music Editing System "Net Snippets" = Net Snippets "NetBattle_is1" = NetBattle "Nimbuzz" = 
Nimbuzz 1.5.0 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "oggcodecs" = oggcodecs 0.71.0946 "Onelog_Client_1.0" = MultiResource Client 2.8.0.11 "OpenAL" = OpenAL "Orb" = Orb "PoiZone" = PoiZone "Pokémon Reader 2_is1" = Pokémon Reader 2 (Build 53) "POL Map editor" = POL Map editor "Polychromatic Funk Monkey_is1" = Polychromatic Funk Monkey 1.4 "PunkBusterSvc" = PunkBuster Services "Puzzle Pirates" = Puzzle Pirates "Reaktor Demo" = Reaktor Demo "RealPlayer 6.0" = RealPlayer "ReCycle Demo_is1" = ReCycle Demo 2.1.2 "RiseOfNationsExpansion 1.0" = Rise of Nations "Sandlot Games Client Services_is1" = Sandlot Games Client Services "ST6UNST #1" = Bedfordshire Prime "ST6UNST #2" = ER- 0 Drum Synth "Starsiege TRIBES" = Starsiege TRIBES 1.8 "Steam App 11910" = Lumines Demo "Steam App 13140" = America's Army 3 "Steam App 1502" = Darwinia Demo "Steam App 18610" = Mayhem Intergalactic Demo "Steam App 18710" = And Yet it Moves - Demo "Steam App 18800" = Zero Gear Demo "Steam App 20720" = Starscape Demo "Steam App 21510" = Pyroblazer Demo "Steam App 219" = Half-Life 2: Demo "Steam App 22220" = Zeno Clash Demo "Steam App 22620" = Alien Breed: Impact Demo "Steam App 23480" = Ceville - Demo "Steam App 26810" = Braid Demo "Steam App 2730" = ThreadSpace: Hyperbol Demo "Steam App 29110" = Retro/Grade IGF Demo "Steam App 29140" = Between IGF Demo "Steam App 29170" = Blueberry Garden Demo "Steam App 29200" = Osmos Demo "Steam App 32159" = Everyday Genius: SquareLogic Demo "Steam App 3412" = Heavy Weapon Deluxe Demo "Steam App 3483" = Peggle Extreme "Steam App 34930" = Razor2: Hidden Skies - Demo "Steam App 35710" = Trine Demo "Steam App 36920" = All Aspects of Warfare - Demo "Steam App 37510" = Magnetis Demo "Steam App 37810" = QuantZ Demo "Steam App 3840" = Psychonauts Demo "Steam App 38910" = Rhythm Zone - Demo "Steam App 40430" = Tidalis Demo "Steam App 40710" = Machinarium Demo "Steam App 410" = 
Portal: First Slice "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 41020" = Serious Sam HD: The First Encounter Demo "Steam App 41220" = Eufloria - Demo "Steam App 42510" = Dogfighter Demo "Steam App 4330" = Star Trek: D·A·C - Demo "Steam App 44205" = Galcon Fusion Demo "Steam App 45430" = Fortix - Demo "Steam App 46010" = Bob Came in Pieces Demo "Steam App 4610" = Full Pipe Demo "Steam App 46610" = Swarm Arena Demo "Steam App 480" = Spacewar "Steam App 57210" = Puzzle Dimension Demo "Steam App 58220" = Jolly Rover Demo "Steam App 58410" = Turba Demo "Steam App 6110" = Eets Demo "Steam App 70310" = VVVVVV Demo "Steam App 70410" = Recettear: An Item Shop's Tale - Demo "Steam App 70910" = Star Ruler - Demo "Steam App 8900" = Freedom Force - Demo "Steam App 8910" = Freedom Force vs. the 3rd Reich - Demo "Steam App 92" = Codename Gordon "Steam App 9950" = Blade Kitten Demo "Synaesthete_is1" = Synaesthete (v1.0) "SystemRequirementsLab" = System Requirements Lab "Tremulous" = Tremulous 1.1.0 "Tribes 2" = Tribes 2 "Ultrafighters" = Ultrafighters "UnityWebPlayer" = Unity Web Player "uTorrent" = µTorrent "Vimidi_is1" = Vimidi 1.0 "Virtools3DLifePlayer" = Virtools 3D Life Player "Warp Pipe" = Warp Pipe Beta "WarZone Client v1.0.44" = WarZone Client v1.0.44 "WavePad" = WavePad Sound Editor "WFCStatus" = WFCStatus 1.5.0.10 "Wii Video 9" = Wii Video 9 2.25 "WildSnake Pinball: Christmas Tree_is1" = WildSnake Pinball: Christmas Tree 1.34 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 3.0 "WinZip" = WinZip "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER 
Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Pokemon - Den of Ages" = Pokemon - Den of Ages

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 17/11/2012 15:12:42 | Computer Name = MESH | Source = NativeWrapper | ID = 5000
Description =

Error - 17/11/2012 16:47:47 | Computer Name = MESH | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error - 17/11/2012 16:47:50 | Computer Name = MESH | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error - 17/11/2012 16:47:52 | Computer Name = MESH | Source = NativeWrapper | ID = 5000
Description =

Error - 18/11/2012 06:53:04 | Computer Name = MESH | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module hpwucli.exe, version 5.0.8.1, fault address 0x00004607.

Error - 18/11/2012 08:34:27 | Computer Name = MESH | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2012 08:34:31 | Computer Name = MESH | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2012 08:46:04 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

Error - 18/11/2012 08:50:30 | Computer Name = MESH | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/11/2012 09:01:21 | Computer Name = MESH | Source = BOINC | ID = 1
Description =

[ System Events ]

Error - 18/11/2012 08:19:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 18/11/2012 08:19:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 18/11/2012 08:19:47 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 18/11/2012 08:19:48 | Computer Name = MESH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126

Error - 18/11/2012 08:31:32 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 18/11/2012 08:31:32 | Computer Name = MESH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5

Error - 18/11/2012 08:45:26 | Computer Name = MESH | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error - 18/11/2012 08:45:26 | Computer Name = MESH | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3758161939 (0xE0010013).

Error - 18/11/2012 09:01:02 | Computer Name = MESH | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error - 18/11/2012 09:01:02 | Computer Name = MESH | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3758161981 (0xE001003D).

< End of report >

Report 2:

OTL logfile created on: 18/11/2012 13:15:00 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 376.34 Mb Available Physical Memory | 36.77% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.36 Gb Total Space | 88.26 Gb Free Space | 38.48% Space Free | Partition Type: NTFS
Drive D: | 33.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MESH | User Name:| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.) PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontier.exe (Parabon Computation, Inc.) PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_sn2s_vina_prod_x86.exe.6.20 () PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_sn2s_vina_6.20_windows_intelx86 () PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_gfam_vina_prod_x86.exe.6.12 () PRC - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_gfam_vina_6.12_windows_intelx86 () PRC - C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.) PRC - C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) PRC - C:\Program Files\BOINC\boinc.exe (Space Sciences Laboratory) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.) 
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin) PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink) PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_sn2s_vina_prod_x86.exe.6.20 () MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_sn2s_vina_6.20_windows_intelx86 () MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_gfam_vina_prod_x86.exe.6.12 () MOD - C:\Documents and Settings\All Users\Application Data\BOINC\projects\http://www.worldcommunitygrid.org\wcgrid_gfam_vina_6.12_windows_intelx86 () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1de8e1c\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_353abf6a\system.windows.forms.dll () MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fe8bae91\mscorlib.dll () MOD - 
c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6c105c62\system.xml.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_157634b6\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\Notepad++\NppShell_04.dll () MOD - C:\WINDOWS\system32\cpwmon2k.dll () MOD - C:\WINDOWS\system32\DiagFunc.dll () MOD - C:\Program Files\BOINC\cudart.dll () MOD - C:\Program Files\BOINC\zlib1.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\Program Files\ImageBadger\extib.dll () MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll () MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll () MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll () MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll () MOD - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll () MOD - C:\WINDOWS\system32\vmcmidiport.dll () MOD - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll () MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll () MOD - 
C:\WINDOWS\AppPatch\AlLayer.dll () ========== Services (SafeList) ========== SRV - (rpcapd) -- %ProgramFiles%\WinPcap\rpcapd.exe File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll () SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Frontier Compute Engine) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierMon.exe (Parabon Computation, Inc.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Frontier Update Service) -- C:\Program Files\Parabon\Frontier Compute Engine\bin\frontierUpdate.exe (Parabon Computation, Inc.) SRV - (RalinkRegistryWriter) -- C:\Program Files\Addon\Common\RaRegistry.exe (Ralink Technology, Corp.) 
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (BlueSoleil Hid Service) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe () SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe () SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (CFcatchme) -- C:\DOCUME~1\\LOCALS~1\Temp\CFcatchme.sys File not found DRV - (catchme) -- C:\ComboFi\catchme.sys File not found DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (VBoxDrv) -- C:\Program Files\Sun\VirtualBox OSE\VBoxDrv.sys (Sun Microsystems, Inc.) DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.) DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.) DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) 
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation) DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation) DRV - (BLKWGU(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation) DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation) DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys () DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (BTHidMgr) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys (IVT Corporation) DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.) DRV - (m5287) -- C:\WINDOWS\system32\drivers\m5287.sys (ULi Electronics Inc.) DRV - (m5289) -- C:\WINDOWS\system32\drivers\m5289.sys (ULi Electronics Inc.) DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (iComp) -- C:\WINDOWS\system32\drivers\p2usbwdm.sys (Conexant Systems Inc.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.) 
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-2sDKcDEApIF3bXpdzZjJfrBHrc?q={searchTerms} IE - HKCU\..\SearchScopes\{C2353BDA-19DB-4F7E-936F-2EAA9D89C0AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=10: C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/01 16:12:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/17 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Extensions [2012/10/30 08:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\lr2j7lup.default\extensions [2012/11/18 12:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/11/01 16:12:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/07 07:29:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/25 18:12:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program 
Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.1.810.31257\npCIDetect10.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2012/10/31 21:37:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - 
BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.) O3 - HKLM\..\Toolbar: (Net Snippets) - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.) 
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" File not found O4 - HKCU..\Run: [Power2GoExpress] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk = C:\Program Files\Addon\Common\RaUI.exe (Addon Technology Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin) O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\Program Files\NetSnippets\NetSnip.DLL (Net Snippets LTD.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: internet ([]about in Internet) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) 
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156003235671 (MUWebControl Class) O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab (WildfireActiveXHost Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://cloverleafgames.com/igloader.CAB (igLoader Content on Demand) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class) O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystand.com/assets/activex/virtools/CacheManager.CAB (CacheManager.CacheManagerCtrl) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnuk.oberon-media.com/online2/MSN_INTL_UK/insaniquarium_non_zylom/popcaploader_v6.cab (PopCapLoader Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AF84D6-C5B5-4117-B363-6E563C03BE00}: DhcpNameServer = 192.168.1.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5472BD3-8BB9-4176-9B87-A8C28AB2C5CC}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/11/25 09:00:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/11/18 13:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Avg2013 [2012/11/05 10:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempFDFE5C73-D615-8C64-76E1-211BA9DCFA2C-Signatures [2012/11/04 09:27:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp50C8A26A-3FEA-478A-F4F9-D800502FC839-Signatures [2012/11/04 09:18:45 | 000,000,000 | ---D | C] -- C:\a5dbb2febf5f6f4c8dba390a9f3a [2012/11/01 21:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempDE7E0D27-FB35-C35B-7EA0-A145C4FA2B21-Signatures [2012/11/01 18:14:42 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\All Users\Start Menu\Programs\Skype [2012/11/01 18:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/11/01 18:14:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012/11/01 16:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/11/01 12:58:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/10/31 21:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/10/31 20:35:52 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/10/31 20:33:50 | 000,000,000 | ---D | C] -- C:\ComboFi [2012/10/31 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Zipeg [2012/10/31 12:13:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe [2012/10/31 09:56:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\\Start Menu\Programs\Administrative Tools [2012/10/31 09:54:53 | 004,991,994 | R--- | C] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe [2012/10/31 09:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/10/31 09:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/10/31 09:51:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/10/31 09:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/10/30 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\n\Local Settings\Application Data\Unity [2012/10/29 21:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\RK_Quarantine [2012/10/28 16:18:56 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll [2012/10/28 16:18:56 | 000,757,852 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll [2012/10/28 16:18:56 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll [2012/10/28 16:18:56 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. 
(PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll [2012/10/28 16:18:56 | 000,143,459 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll [2012/10/28 16:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Addon Wireless [2012/10/28 16:18:38 | 000,500,096 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt61.sys [2012/10/28 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Addon Driver [2012/10/28 16:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Addon [2012/10/28 11:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Sun [2012/10/26 17:54:42 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/10/26 17:54:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/10/26 17:54:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/10/22 20:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HideAnyWindow [2012/10/22 20:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\HideAnyWindow [2006/06/18 16:24:55 | 000,163,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\pfbackup.exe [2006/06/18 16:18:39 | 005,566,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vviewer.exe [2006/06/18 16:13:17 | 002,931,992 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LEO_Setup.EXE [2006/06/18 16:11:13 | 001,389,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttmpl3.exe [2006/06/18 16:10:43 | 000,480,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Sounds.EXE [2006/06/18 16:09:50 | 000,330,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ppttpwiz.exe [2006/06/17 17:56:41 | 002,053,688 | ---- | C] (Google) -- C:\Program 
Files\GoogleDesktopSetup.exe [2006/06/15 16:29:11 | 024,070,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe [2006/06/15 15:37:21 | 017,357,552 | ---- | C] (The LEGO Group) -- C:\Program Files\Lego Designer.exe [2006/06/15 15:29:04 | 037,311,488 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/18 13:21:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D665C24D-DAD0-4076-8D6C-97D8FCC394E5}.job [2012/11/18 13:19:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/11/18 13:09:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/11/18 13:08:53 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012/11/18 13:01:37 | 000,012,664 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/11/18 12:59:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/11/18 12:58:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/11/18 12:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/11/18 11:50:18 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6B9DDA16-430C-4C97-BD40-7A58000A54AD}.job [2012/11/16 15:19:17 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/11/16 11:47:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/11/16 11:43:56 | 000,426,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/11/16 11:43:56 | 000,068,894 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/11/05 13:30:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif 
[2012/10/31 21:37:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/10/31 20:32:55 | 004,991,994 | R--- | M] (Swearware) -- C:\Documents and Settings\\Desktop\ComboFi.exe [2012/10/31 12:13:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe [2012/10/31 10:09:04 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk [2012/10/30 21:16:09 | 000,000,678 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat [2012/10/30 21:13:30 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk [2012/10/28 16:18:53 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk [2012/10/26 17:54:00 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/10/26 17:53:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2012/10/26 17:53:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012/10/26 17:53:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/10/26 17:53:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/10/26 17:53:58 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/10/22 08:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2012/10/22 08:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2012/10/20 17:27:27 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp 
files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/05 15:44:24 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/11/05 15:44:13 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2012/10/31 20:35:56 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/10/31 10:09:04 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to mbam.lnk [2012/10/31 09:51:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/10/31 09:51:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/10/31 09:51:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/10/31 09:51:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/10/31 09:51:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/10/30 21:13:30 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to AdwCleaner.lnk [2012/10/30 21:11:19 | 000,000,678 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat [2012/10/28 16:18:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll [2012/10/28 16:18:56 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI [2012/10/28 16:18:56 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini [2012/10/28 16:18:53 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Addon Wireless Utility.lnk [2012/10/20 17:27:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk [2012/10/20 17:27:27 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2012/09/12 09:58:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/26 11:28:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2012/02/15 08:38:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/01/30 17:02:02 | 000,000,000 | ---- | 
C] () -- C:\WINDOWS\PTWebCam.INI [2006/09/12 17:39:15 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\\Application Data\wklnhst.dat [2006/08/19 15:54:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\\Application Data\dm.ini [2006/08/13 13:08:20 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/18 16:42:53 | 000,299,078 | ---- | C] () -- C:\Program Files\10131610.cab [2006/06/18 16:23:42 | 006,571,008 | ---- | C] () -- C:\Program Files\Nile_Theme_EN.msi [2006/06/18 16:22:33 | 001,638,400 | ---- | C] () -- C:\Program Files\Nature Theme 1 - Animal_EN.msi [2006/06/18 16:19:32 | 003,830,526 | ---- | C] () -- C:\Program Files\WM Components 2.0.2.dmg [2006/06/18 15:56:03 | 000,863,616 | ---- | C] () -- C:\Program Files\Epic Pinball.zip [2006/06/17 16:21:23 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/06/15 16:12:17 | 001,062,523 | ---- | C] () -- C:\Program Files\Peps Football Pinball Game.zip [2006/05/27 10:53:46 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat [2006/05/19 18:59:33 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\fusioncache.dat ========== ZeroAccess Check ========== [2010/12/09 15:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\L [2012/11/08 20:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\visitor\Local Settings\Application Data\{129bf727-f6b4-db0a-d8e5-74bd0aa0d5b7}\U [2005/11/25 09:10:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc < End of report >
Starbuck
Posted November 18, 2012

Hi plumtast

Thanks for that, now we can start to clean up the report:

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:otl
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-2sDKcDEApIF3bXpdzZjJfrBHrc?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://msnuk.oberon-media.com/online...ploader_v6.cab (PopCapLoader Object)
[2012/11/18 13:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\Avg2013

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

I'd like you to do an ESET OnlineScan.
You may find it beneficial to close your resident AV program before running the scan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the Eset's Online Scan fails during the database download (around 20%).
To prevent this happening: when the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

In your next reply, please submit:
Otl fix report
Eset scan report

Thanks

Member of: UNITE