• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.

agangelus

Full Member
  • Content count

    161
  • Joined

  • Last visited

About agangelus

  • Rank
    Advanced Member
  • Birthday November 29

Profile Information

  • Gender
    Female
  • Location
    Scotland
  1. Hi again That's fantastic! I do use SpywareBlaster too so i'll be carrying this on. I will use all of your recommendations. Thank you so much for all of your help, hopefully I won't need to be back here any time soon. Thanks again Ali :-)
  2. Hi there, I was just wondering if you could help me out. I finally gave up on the XP machine (it just started freezing again ) and bought a new one, it's great . However I posted a new topic in the general computing issues and on checking it appears to be gone. All I wanted to know was if using Avast free antivirus, Comodo firewall and Malwarbytes pro was a good enough security set up for a Windows 8.1 soon to be Windows 10 PC? The machine has McAfee pre loaded which runs out in 5 days, and I will be taking it off. Many thanks Ali :-)
  3. Hi there I think it's pretty much sorted...yaaay! Everything seems to be running as it should. I found out about the IE tab for firefox which lets you run internet explorer within firefox. So it can be used for any pages that can only be viewed using IE, things like windows updates. It can be used in the same way as IE from the windows update link in the control panel. Only thing, you need to keep firefox open, otherwise as I found out closing it cancels any of the updates you're downloading or installing. Another thing I found is a browser from Comodo called Chromodo. It talks about the security being far better with xp. I'm not using it but it's been reviewed and recommended from a lot of sites like majorgeeks, cnet, download etc. It uses its own dns and behaves and looks pretty much like Chrome. Anyway, not a massive contribution I know, but may be useful sometime. I was going to ask about the HOSTS file. I had a look at the link but i'm not sure where to start. Ali :-)
  4. Hi again I seem to have lost a post. I wrote it out and thought I posted it last night but for some reason it doesn't appear to be here...may have brain issues too. Anyway, I'd apologised for not getting back sooner as i'd been away. The pc had become non-responsive so rather than tossing it through (not out) the window i reinstalled windows. The issue seems to be gone thankfully. But now i'm trying to bring it back to the same spec and I'm having difficulty finding service pack 3 I can install. Obviously MS doesn't support XP anymore so I can't get it there. Any direction/suggestions would be greatly appreciated as the "tossing through the window" option is still a possibility lol! Ali :-)
  5. Hi I managed to do the Checkdsk which is now step 3, but when I tried to do the SFC it failed saying "The specified service does not exist as an installed service". I also got a window with a message saying "Files that are required for Windows to run properly must be copied to the DLL Cache. Then asks me to insert my Windows XP Pro SP3 CD which I don't have?!? Ali :-)
  6. Hi there, I seem to have some kind of sharing violation when I try to install the program. I've tried downloading the different mirrors but still the same issue. Ali :-)
  7. Hi there, I've run the anti-root kit but it found nothing and said no cleanup required. Ali :-)
  8. Hi there, There were three logs (not saved to the desktop but when you click on the "open txt" button after clicking the report button). I think they are all the same although named differently. Here they are anyway. Ali :-) RogueKiller V10.9.1.0 [Jul 9 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Alison [Administrator] Started from : C:\Documents and Settings\Alison\Desktop\RogueKiller.exe Mode : Delete -- Date : 07/15/2015 23:14:49 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 4 ¤¤¤ [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [PUM.StartMenu] HKEY_USERS\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 1 -> Replaced (1) ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤ [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] saazvu58.default-1433616136984 : user_pref("browser.startup.homepage", "http://www.aol.co.uk/");-> Replaced (about:home) ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD800BB-22JHC0 +++++ --- User --- [MBR] 44a0fd9b27d4193e2e865140f6eb6225 [bSP] 0ce9b5793dc86137ce1e982990057701 : Legit.Unknown|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8546580 | Size: 72143 MB [Windows XP Bootstrap | Windows XP Bootloader] 1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4173 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) RogueKiller V10.9.1.0 [Jul 9 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Alison [Administrator] Started from : C:\Documents and Settings\Alison\Desktop\RogueKiller.exe Mode : Delete -- Date : 07/15/2015 23:14:49 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 4 ¤¤¤ [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [PUM.StartMenu] HKEY_USERS\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 1 -> Replaced (1) ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤ [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] saazvu58.default-1433616136984 : user_pref("browser.startup.homepage", "http://www.aol.co.uk/");-> Replaced (about:home) ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD800BB-22JHC0 +++++ --- User --- [MBR] 44a0fd9b27d4193e2e865140f6eb6225 [bSP] 0ce9b5793dc86137ce1e982990057701 : Legit.Unknown|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8546580 | Size: 72143 MB [Windows XP Bootstrap | Windows XP Bootloader] 1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4173 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) RogueKiller V10.9.1.0 [Jul 9 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Alison [Administrator] Started from : C:\Documents and Settings\Alison\Desktop\RogueKiller.exe Mode : Delete -- Date : 07/15/2015 23:14:49 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 4 ¤¤¤ [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\DOCUME~1\Alison\LOCALS~1\Temp\catchme.sys) -> ERROR [2] [PUM.StartMenu] HKEY_USERS\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 1 -> Replaced (1) ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤ [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.HomePage][FIREFX:Config] saazvu58.default-1433616136984 : user_pref("browser.startup.homepage", "http://www.aol.co.uk/");-> Replaced (about:home) ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD800BB-22JHC0 +++++ --- User --- [MBR] 44a0fd9b27d4193e2e865140f6eb6225 [bSP] 0ce9b5793dc86137ce1e982990057701 : Legit.Unknown|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8546580 | Size: 72143 MB [Windows XP Bootstrap | Windows XP Bootloader] 1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4173 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. )
  9. ComboFix 15-07-12.01 - Alison 14/07/2015 23:58:38.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1982.1108 [GMT 1:00] Running from: c:\documents and settings\Alison\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2015-06-14 to 2015-07-14 ))))))))))))))))))))))))))))))) . . 2015-06-30 00:09 . 2015-06-30 21:16 -------- d-----w- C:\FRST 2015-06-29 21:24 . 2015-06-29 21:32 -------- d-----w- C:\AdwCleaner 2015-06-28 17:36 . 2015-06-28 17:36 -------- d-----w- c:\program files\Common Files\Java 2015-06-28 17:32 . 2015-06-28 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Oracle 2015-06-28 12:22 . 2015-06-28 12:22 -------- d-----w- c:\program files\ESET 2015-06-26 00:47 . 2015-06-28 17:33 146432 ----a-w- c:\windows\system32\javacpl.cpl 2015-06-26 00:46 . 2015-06-28 17:33 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2015-06-26 00:45 . 2015-06-28 17:32 -------- d-----w- c:\program files\Java 2015-06-21 18:05 . 2015-06-21 18:06 -------- d-----w- C:\KVRT_Data 2015-06-21 13:02 . 2015-06-21 13:02 -------- d-----w- c:\program files\File Shredder . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-07-14 22:14 . 2014-07-11 21:42 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-07-09 21:16 . 2013-04-20 14:47 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-07-09 21:16 . 2013-04-20 14:47 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-06-26 20:39 . 2013-04-18 19:27 428120 ----a-w- c:\windows\system32\drivers\aswsp.sys 2015-06-18 07:41 . 2014-07-11 21:34 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-06-18 07:41 . 2013-04-18 23:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-05-31 11:59 . 2014-05-05 18:18 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-05-31 11:59 . 2013-04-18 20:34 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-05-31 11:59 . 2013-04-18 20:34 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-05-31 11:59 . 2013-04-18 20:34 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-05-31 11:59 . 2013-04-18 19:27 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2015-05-31 11:59 . 2013-04-18 19:27 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2015-05-31 11:59 . 2015-05-31 11:59 291312 ----a-w- c:\windows\system32\aswBoot.exe 2015-05-31 11:59 . 2015-05-31 11:59 43112 ----a-w- c:\windows\avastSS.scr 2015-05-31 11:58 . 2013-04-18 19:27 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-05-10 17:42 . 2015-04-25 21:14 73272 ----a-w- C:\wow_helper.exe 2015-05-10 17:42 . 2015-04-25 21:14 40518200 ----a-w- C:\libcef.dll 2015-05-10 17:42 . 2015-04-25 21:14 219192 ----a-w- C:\libEGL.dll 2015-05-10 17:42 . 2015-04-25 21:14 1365560 ----a-w- C:\libGLESv2.dll 2015-05-10 17:42 . 2015-04-25 21:14 990776 ----a-w- C:\ffmpegsumo.dll 2015-05-10 17:42 . 2015-04-25 21:14 778808 ----a-w- C:\SpotifyCrashService.exe 2015-05-10 17:42 . 2015-04-25 21:14 3457592 ----a-w- C:\d3dcompiler_47.dll 2015-05-10 17:42 . 2015-04-25 21:14 2106424 ----a-w- C:\d3dcompiler_43.dll 2015-05-10 17:42 . 2015-04-25 21:14 2020920 ----a-w- C:\SpotifyWebHelper.exe 2015-05-10 17:42 . 2015-04-25 21:14 124472 ----a-w- C:\SpotifyLauncher.exe 2015-05-10 17:42 . 2015-04-25 21:14 7168568 ----a-w- C:\Spotify.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-05-31 11:59 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-03-13 5529880] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-09-24 1576152] "HostManager"="c:\program files\Common Files\AOL\1368048598\ee\AOLSoftware.exe" [2010-03-08 41800] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-31 5515496] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe SystemTray [2005-8-12 45056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SoftwareSASGeneration"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloGovernor] 2015-03-23 22:56 981976 ----a-w- c:\program files\iolo\System Mechanic\ioloGovernor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloLiveBoost] 2015-03-23 23:03 5483640 ----a-w- c:\program files\iolo\System Mechanic\LiveBoost.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2015-04-21 21:23 7112248 ----a-w- c:\documents and settings\Alison\Application Data\Spotify\Spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2015-04-21 21:23 2018360 ----a-w- c:\documents and settings\Alison\Application Data\Spotify\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ioloSystemService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1368048598\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL Desktop 9.7\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"= "c:\\WINDOWS\\system32\\lxcrcoms.exe"= "c:\\Documents and Settings\\Alison\\Application Data\\Spotify\\spotify.exe"= "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [18/04/2013 21:34 49904] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [18/04/2013 21:34 209048] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/04/2013 20:27 787760] R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [18/04/2013 20:27 428120] R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [16/01/2013 19:51 15704] R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [16/01/2013 19:51 587864] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16/01/2013 19:51 30552] R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [05/05/2014 19:18 24144] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18/04/2013 21:34 74976] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [11/07/2014 22:34 1871160] R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [11/07/2014 22:34 1133880] R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [20/04/2013 01:35 69016] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/04/2013 00:56 23256] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [11/07/2014 22:42 98520] S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [24/01/2013 22:42 131288] S4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [18/04/2013 21:53 4703432] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-07-08 00:58 991048 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-20 21:16] . 2013-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2015-07-14 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-31 11:59] . 2015-07-14 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 10:53] . 2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-05-11 23:46] . 2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2015-05-11 23:46] . 2015-07-14 c:\windows\Tasks\iolo DelOnReboot.job - c:\windows\system32\cmd.exe [2011-06-10 04:42] . 2015-07-14 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job - c:\windows\system32\xp_eos.exe [2014-04-02 01:59] . 2015-07-12 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job - c:\windows\system32\xp_eos.exe [2014-04-02 01:59] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - c:\documents and settings\Alison\Application Data\Mozilla\Firefox\Profiles\saazvu58.default-1433616136984\ FF - prefs.js: browser.startup.homepage - hxxp://www.aol.co.uk/ . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-CTFMON - (no file) AddRemove-Lexmark 2400 Series - c:\program files\Lexmark 2400 Series\Install\x86\Uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-07-15 00:21 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwClose . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(756) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(812) c:\windows\system32\guard32.dll c:\windows\system32\mswsock.dll c:\windows\System32\wshtcpip.dll . - - - - - - - > 'csrss.exe'(724) c:\windows\system32\cmdcsr.dll . Completion time: 2015-07-15 00:29:39 ComboFix-quarantined-files.txt 2015-07-14 23:29 . Pre-Run: 49,506,811,904 bytes free Post-Run: 49,479,946,240 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 5E1A5E71ACDAB5C6F7C5B9B8D4CAC1F3 2D572A71BBC779ECCD3D2595FC788A35
  10. Farbar Service Scanner Version: 17-01-2015 Ran by Alison (administrator) on 13-07-2015 at 23:39:57 Running from "C:\Documents and Settings\Alison\My Documents\Downloads" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Other Services: ============== File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed C:\WINDOWS\system32\netman.dll => File is digitally signed C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed C:\WINDOWS\system32\srsvc.dll => File is digitally signed C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed C:\WINDOWS\system32\wscsvc.dll => File is digitally signed C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed C:\WINDOWS\system32\wuauserv.dll => File is digitally signed C:\WINDOWS\system32\qmgr.dll => File is digitally signed C:\WINDOWS\system32\es.dll => File is digitally signed C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed Extra List: ======= aswTdi(8) cmdHlp(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 0x0900000004000000010000000200000003000000080000000A000000050000000600000007000000 IpSec Tag value is correct. **** End of log ****
  11. Hi there No yellow exclamation marks. The HP is a Photosmart C4680, but it's not connected to this PC at the moment. Yes, this is a desktop system. Ali :-)
  12. Hi there I did the startup lite, there were 3 items I disabled all three but it hasn't had any effect. What does happen which I don't think I mentioned initially and it may not be relevant is, once the freezing/hanging stops (sometimes after about an hour or two) it runs fine. it's really responsive and doesn't object to numerous applications being launched. Also, if I have to wait too long on it sorting itself I use the power button frequently to restart, this usually speeds up the process. Ali :-)
  13. Hi, Not really any difference. it seems to be pretty much the same even after I rebooted it. Was I meant to do something else with the code other than just copy it into notepad and save it? Ali :-)
  14. Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01 Ran by Alison at 2015-06-30 22:16:04 Run:1 Running from C:\Documents and Settings\Alison\Desktop Loaded Profiles: Alison (Available Profiles: Alison & Graham & Jevon & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** start HKLM\...\Run: [] => [X] HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\Run: [Power2GoExpress] => [X] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION KLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File S4 eapihdrv; \??\C:\DOCUME~1\Alison\LOCALS~1\Temp\ehdrv.sys [X] S3 FXDRV; \??\D:\Fxdrv.sys [X] U1 WS2IFSL; No ImagePath AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 end ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully. HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => value removed successfully. "HKLM\SOFTWARE\Policies\Google" => key removed successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. eapihdrv => Service not found. FXDRV => Service removed successfully. WS2IFSL => Service removed successfully. C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.. ==== End of Fixlog 22:16:04 ==== Farbar Service Scanner Version: 17-01-2015 Ran by Alison (administrator) on 30-06-2015 at 22:19:19 Running from "C:\Documents and Settings\Alison\Desktop" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Other Services: ============== File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed C:\WINDOWS\system32\netman.dll => File is digitally signed C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed C:\WINDOWS\system32\srsvc.dll => File is digitally signed C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed C:\WINDOWS\system32\wscsvc.dll => File is digitally signed C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed C:\WINDOWS\system32\wuauserv.dll => File is digitally signed C:\WINDOWS\system32\qmgr.dll => File is digitally signed C:\WINDOWS\system32\es.dll => File is digitally signed C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed Extra List: ======= aswTdi(8) cmdHlp(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 0x0900000004000000010000000200000003000000080000000A000000050000000600000007000000 IpSec Tag value is correct. **** End of log ****
  15. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01 Ran by Alison at 2015-06-30 01:13:49 Running from C:\Documents and Settings\Alison\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3134883238-3708060988-1507798391-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator Alison (S-1-5-21-3134883238-3708060988-1507798391-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Alison Graham (S-1-5-21-3134883238-3708060988-1507798391-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Graham Guest (S-1-5-21-3134883238-3708060988-1507798391-501 - Limited - Disabled) HelpAssistant (S-1-5-21-3134883238-3708060988-1507798391-1005 - Limited - Disabled) Jevon (S-1-5-21-3134883238-3708060988-1507798391-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Jevon SUPPORT_388945a0 (S-1-5-21-3134883238-3708060988-1507798391-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House) Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1013 - ) ATI Catalyst Control Center (HKLM\...\{452E2DC2-9391-470C-AAB2-D91750A6B891}) (Version: 1.2.2113.53 - ) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.19-051013a1-029129C-Foxconn - ) Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden C4600 (Version: 130.0.425.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - WipeSoft) Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP) HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.5.1 - iolo technologies, LLC) Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle) Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Lexmark 2400 Series (HKLM\...\Lexmark 2400 Series) (Version: - Lexmark International, Inc.) Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version: - ) Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: - ) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Windows Vista Upgrade Advisor (HKLM\...\{E0EB8881-0CFE-4375-8782-8807D258CD7C}) (Version: 1.0.1 - Microsoft) Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) OCA Client history tool install (HKLM\...\OcaHistoryUpd) (Version: 8.3.0980 - Microsoft Corporation) OLYMPUS Digital Camera Updater (HKLM\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.) OLYMPUS Viewer 2 (HKLM\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.) Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - ) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - CyberLink Corporation) PS_AIO_05_C4600_Software_Min (Version: 130.0.425.000 - Hewlett-Packard) Hidden Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.18 - Realtek Semiconductor Corp.) REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor Corp.) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Spotify (HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB) SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation) ==================== Restore Points ========================= 21-06-2015 20:49:37 System Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2011-06-10 07:25 - 2006-03-15 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\iolo DelOnReboot.job => C:\WINDOWS\system32\cmd.exe/c del /f C:\WINDOWS\smrr.dllcmd.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (Whitelisted) ============== 2015-03-22 01:06 - 2015-05-31 12:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-22 01:06 - 2015-05-31 12:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-29 21:37 - 2015-06-29 21:37 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062901\algo.dll 2013-09-25 22:26 - 2006-11-22 14:51 - 00045056 _____ () C:\WINDOWS\system32\LXPRMON.DLL 2013-09-25 22:25 - 2006-11-22 15:05 - 00012288 _____ () C:\Program Files\Lexmark Fax Solutions\FxCtrStr.dll 2013-09-25 22:25 - 2006-11-22 14:49 - 00032768 _____ () C:\Program Files\Lexmark Fax Solutions\ipcmt.dll 2013-09-25 22:27 - 2006-11-27 08:50 - 00117760 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxcrpp5c.dll 2005-01-02 06:18 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll 2005-01-02 06:18 - 2013-01-02 07:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll 2011-06-10 07:24 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2011-06-10 07:28 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2013-07-10 16:53 - 2013-07-10 16:53 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7106f5c4\mscorlib.dll 2013-07-10 16:49 - 2013-07-10 16:49 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_43c28e18\system.windows.forms.dll 2013-07-10 01:02 - 2013-07-10 01:02 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5a3a9ba3\system.dll 2013-07-10 16:51 - 2013-07-10 16:51 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e63b4eb8\system.xml.dll 2013-07-10 16:52 - 2013-07-10 16:52 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_82e7e373\system.drawing.dll 2015-03-13 21:05 - 2015-03-22 01:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\...\1001movie.com -> 1001movie.com There are 6091 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3134883238-3708060988-1507798391-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Alison\Local Settings\Application Data\Microsoft\Wallpaper1.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: ioloGovernor => C:\Program Files\iolo\System Mechanic\ioloGovernor.exe MSCONFIG\startupreg: ioloLiveBoost => C:\Program Files\iolo\System Mechanic\LiveBoost.exe MSCONFIG\startupreg: Spotify => "C:\Documents and Settings\Alison\Application Data\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\Alison\Application Data\Spotify\SpotifyWebHelper.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:hpwucli.exe DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe] => :127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe] => Enabled:hpfccopy.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe] => Enabled:hpqgplgtupl.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] => Enabled:hpqgpc01.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:hpwucli.exe StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\acs\AOLDial.exe] => Enabled:AOL Connectivity Service Dialler StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\acs\AOLacsd.exe] => Enabled:AOL Connectivity Services StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1368048598\ee\aolsoftware.exe] => Enabled:AOL Shared Components StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\waol.exe] => Enabled:AOL StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe] => Enabled:AOL TopSpeed StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Loader StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\System Information\sinf.exe] => Enabled:AOL System Information StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe] => Enabled:AOL Browser StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\lxcrcoms.exe] => Enabled:2400 Series Server StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Alison\Application Data\Spotify\spotify.exe] => Enabled:Spotify StandardProfile\AuthorizedApplications: [C:\WINDOWS\Temp\CMC_DRAGON\restart_helper.exe] => Enabled:restart_helper.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/27/2015 11:39:58 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. (0x800705b4) Error: (06/27/2015 00:46:31 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. (0x800705b4) Error: (06/26/2015 10:50:37 PM) (Source: WmiAdapter) (EventID: 4099) (User: AGANGELUS) Description: Open of service failed. Error: (06/26/2015 00:34:12 AM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. (0x800705b4) Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37076078 Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 37076078 Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/18/2015 09:56:28 PM) (Source: WmiAdapter) (EventID: 4099) (User: AGANGELUS) Description: Open of service failed. Error: (06/17/2015 09:36:25 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Unable to initialize the filter host process. Terminating. Details: This operation returned because the timeout period expired. (0x800705b4) Error: (06/15/2015 01:27:48 AM) (Source: Application Hang) (EventID: 1001) (User: ) Description: Fault bucket 685985961. System errors: ============= Error: (06/29/2015 10:32:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Media Center Extender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (06/29/2015 10:32:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (06/29/2015 10:32:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (06/29/2015 10:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s). Error: (06/29/2015 10:32:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The lxcr_device service terminated unexpectedly. It has done this 1 time(s). Microsoft Office: ========================= Error: (06/27/2015 11:39:58 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Details: This operation returned because the timeout period expired. (0x800705b4) Error: (06/27/2015 00:46:31 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Details: This operation returned because the timeout period expired. (0x800705b4) Error: (06/26/2015 10:50:37 PM) (Source: WmiAdapter) (EventID: 4099) (User: AGANGELUS) Description: Error: (06/26/2015 00:34:12 AM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Details: This operation returned because the timeout period expired. (0x800705b4) Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37076078 Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 37076078 Error: (06/20/2015 11:27:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/18/2015 09:56:28 PM) (Source: WmiAdapter) (EventID: 4099) (User: AGANGELUS) Description: Error: (06/17/2015 09:36:25 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Details: This operation returned because the timeout period expired. (0x800705b4) Error: (06/15/2015 01:27:48 AM) (Source: Application Hang) (EventID: 1001) (User: ) Description: 685985961 ==================== Memory info =========================== Processor: Intel® Pentium® 4 CPU 3.00GHz Percentage of memory in use: 62% Total physical RAM: 1982.48 MB Available physical RAM: 745.09 MB Total Pagefile: 3874.29 MB Available Pagefile: 2714.04 MB Total Virtual: 2047.88 MB Available Virtual: 1948.52 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:70.45 GB) (Free:48.52 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 74.5 GB) (Disk ID: 8A558A55) Partition 1: (Active) - (Size=70.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=4.1 GB) - (Type=12) ==================== End of log ============================