Need someone to evaluate Hijack file for me please.



#1 cancer1965 (Member, 10 posts)
I am getting audio ads that run in the background when I watch certain things online, they are very annoying...but I can't seem to find the cause of the issue. Is there anything in here that could be causing the problem? I run Malware, Spybot Search and Destroy, and AVG on a regular basis. They always come up clean. Thanks! Vicki

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:18 AM, on 9/17/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...=smb&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1300805750718
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

--
End of file - 8089 bytes


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, HijackThis does not look deep enough, so I would like you to run two analysis programmes for me.

Download aswMBR.exe (1.8mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3 cancer1965 (Member, Topic Starter, 10 posts)
Okay thanks so much, I will do both and get back to you.

#4 cancer1965 (Member, Topic Starter, 10 posts)
Here are the results I got. Thank you.


#5 cancer1965 (Member, Topic Starter, 10 posts)
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-18 03:09:54
-----------------------------
03:09:54.703 OS Version: Windows 5.1.2600 Service Pack 2
03:09:54.703 Number of processors: 1 586 0x4F02
03:09:54.703 ComputerName: HP45461619683 UserName: Administrator
03:09:57.500 Initialize success
03:18:30.109 AVAST engine defs: 11091701
03:20:19.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:20:19.078 Disk 0 Vendor: WDC_WD800JD-60LSA5 10.01E03 Size: 76319MB BusType: 3
03:20:21.093 Disk 0 MBR read successfully
03:20:21.093 Disk 0 MBR scan
03:20:21.140 Disk 0 unknown MBR code
03:20:21.171 Disk 0 scanning sectors +156280320
03:20:21.218 Disk 0 scanning C:\WINDOWS\system32\drivers
03:20:28.968 Service scanning
03:20:29.828 Modules scanning
03:20:33.734 Disk 0 trace - called modules:
03:20:33.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:20:33.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89a4bab8]
03:20:33.750 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000061[0x89ad5f18]
03:20:34.250 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89ad4940]
03:20:34.687 AVAST engine scan C:\WINDOWS
03:20:39.281 AVAST engine scan C:\WINDOWS\system32
03:22:01.625 AVAST engine scan C:\WINDOWS\system32\drivers
03:22:09.109 AVAST engine scan C:\Documents and Settings\Administrator
03:30:24.312 AVAST engine scan C:\Documents and Settings\All Users
03:31:43.968 Scan finished successfully
08:55:09.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
08:55:09.796 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"





OTL Extras logfile created on: 9/18/2011 3:14:54 AM - Run 1
OTL by OldTimer - Version 3.2.29.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 45.56% Memory free
3.35 Gb Paging File | 2.06 Gb Available in Paging File | 61.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 45.52 Gb Free Space | 70.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.20 Gb Free Space | 82.00% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 2.49 Gb Free Space | 66.63% Space Free | Partition Type: FAT32

Computer Name: HP45461619683 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-3475736484-2603938691-1109610818-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{38DD9AAA-A09A-42FF-A9EE-DA9C84B2E036}" = Dual-Core Optimizer
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4B92A11C-F48F-430A-AB8D-3F7CA80669CD}" = SDMSSplash
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"FrostWire" = FrostWire 4.21.8
"ie8" = Windows Internet Explorer 8
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PDF Complete" = PDF Complete
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3475736484-2603938691-1109610818-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2011 12:40:25 PM | Computer Name = HP45461619683 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/13/2011 12:40:25 PM | Computer Name = HP45461619683 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/6/2011 4:14:56 PM | Computer Name = HP45461619683 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x736f7263.

Error - 8/22/2011 3:02:41 PM | Computer Name = HP45461619683 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2011 12:12:24 AM | Computer Name = HP45461619683 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10u.ocx, version 10.3.181.34, fault address 0x000d8e45.

Error - 9/10/2011 10:05:50 AM | Computer Name = HP45461619683 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/10/2011 10:17:29 AM | Computer Name = HP45461619683 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/15/2011 10:09:10 PM | Computer Name = HP45461619683 | Source = Application Hang | ID = 1002
Description = Hanging application wgasetup.exe, version 1.9.40.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2011 4:13:34 AM | Computer Name = HP45461619683 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2011 4:18:59 AM | Computer Name = HP45461619683 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

[ System Events ]
Error - 7/26/2011 11:47:15 PM | Computer Name = HP45461619683 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/26/2011 11:47:15 PM | Computer Name = HP45461619683 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/4/2011 8:29:37 PM | Computer Name = HP45461619683 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 8/4/2011 8:29:37 PM | Computer Name = HP45461619683 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 8/6/2011 3:34:38 PM | Computer Name = HP45461619683 | Source = Service Control Manager | ID = 7034
Description = The Kodak AiO Network Discovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/7/2011 4:32:19 PM | Computer Name = HP45461619683 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 8/7/2011 4:32:19 PM | Computer Name = HP45461619683 | Source = ati2mtag | ID = 44044
Description = I2c return failed

Error - 8/7/2011 4:34:15 PM | Computer Name = HP45461619683 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Kodak AiO Device Service
service to connect.

Error - 8/7/2011 4:34:15 PM | Computer Name = HP45461619683 | Source = Service Control Manager | ID = 7000
Description = The Kodak AiO Device Service service failed to start due to the following
error: %%1053

Error - 8/7/2011 4:34:15 PM | Computer Name = HP45461619683 | Source = Service Control Manager | ID = 7001
Description = The Kodak AiO Network Discovery Service service depends on the Kodak
AiO Device Service service which failed to start because of the following error:
%%1053


< End of report >

OTL logfile created on: 9/18/2011 3:14:54 AM - Run 1
OTL by OldTimer - Version 3.2.29.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 45.56% Memory free
3.35 Gb Paging File | 2.06 Gb Available in Paging File | 61.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 45.52 Gb Free Space | 70.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.20 Gb Free Space | 82.00% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 2.49 Gb Free Space | 66.63% Space Free | Partition Type: FAT32

Computer Name: HP45461619683 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/18 03:13:42 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/09/18 03:09:48 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\My Documents\Downloads\aswMBR.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/06/16 17:53:22 | 002,510,848 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/12 21:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/08/07 13:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/08/07 13:59:48 | 000,331,288 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2006/07/10 12:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2004/08/04 02:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/08 18:46:46 | 000,169,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\2a61e8dc7bb2470b95b37df0a05d1a15\Inkjet.Automation.ni.dll
MOD - [2011/09/08 18:46:42 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\fad9fbb97172bbd40995eadfca5e1c83\Inkjet.DeviceSettings.ni.dll
MOD - [2011/09/08 18:46:38 | 000,237,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\512f29d4ecff9326c94b163d33af14f2\Inkjet.Localization.ni.dll
MOD - [2011/09/08 18:46:38 | 000,105,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\3f372a13e8ad8a4caf50c827d00bd1a5\Inkjet.Diagnostics.ni.dll
MOD - [2011/09/08 18:46:37 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\0516faaeaf4f522eded9cf07d73f317e\Inkjet.Utilities.ni.dll
MOD - [2011/09/08 18:46:36 | 000,820,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\fb72c5f093fb12bdf66c997993e95f76\Inkjet.Hardware.ni.dll
MOD - [2011/09/08 18:46:34 | 000,178,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\e73cd8a66bbeae1fb4dd79bc79d454d9\Inkjet.Statistics.ni.dll
MOD - [2011/09/08 18:46:34 | 000,080,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\719810301c7ea04e7021e247dd36ce36\Inkjet.Configuration.ni.dll
MOD - [2011/09/08 18:46:28 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
MOD - [2011/09/03 07:28:23 | 000,400,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011/09/03 07:28:22 | 004,118,072 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 07:27:18 | 000,300,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\Locales\en-US.dll
MOD - [2011/09/03 07:26:51 | 000,104,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 07:26:49 | 000,203,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 07:26:48 | 001,846,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/03/26 03:15:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2011/03/26 03:13:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2011/03/26 03:13:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2011/03/26 03:12:43 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2011/03/26 03:11:15 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2011/03/26 03:11:06 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/12 20:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 20:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2006/07/10 12:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
MOD - [2004/08/04 02:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/04 02:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/08/07 13:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/03/10 06:28:40 | 000,602,912 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 18:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 17:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 17:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/11/21 14:35:06 | 004,399,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/01 17:42:14 | 000,033,280 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/09/09 03:46:54 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/02 01:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/16 16:56:38 | 000,083,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 19:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 19:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 19:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 19:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 19:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 19:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 19:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 19:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 19:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 19:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 19:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 19:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 19:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 19:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 19:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-3475736484-2603938691-1109610818-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...=smb&pf=desktop
IE - HKU\S-1-5-21-3475736484-2603938691-1109610818-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...=smb&pf=desktop
IE - HKU\S-1-5-21-3475736484-2603938691-1109610818-500\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3475736484-2603938691-1109610818-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:6.011.025.001
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/05/21 06:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/16 09:16:45 | 000,000,000 | ---D | M]

[2011/03/18 14:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/18 14:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqk4kgzq.default\extensions
[2011/09/16 09:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/05/21 06:12:29 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.004.022.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]

========== Chrome - Experimental ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://search.avg.co...US&iy=&ychte=us
CHR - default_search_provider: suggest_url = http://suggestquerie...q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Extension = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\

O1 HOSTS File: ([2011/03/18 15:11:59 | 000,431,122 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14841 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3475736484-2603938691-1109610818-500\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3475736484-2603938691-1109610818-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1300805750718 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.102.161.227 75.102.160.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B68138DC-273D-41A2-A5E7-6D2AAB473593}: DhcpNameServer = 75.102.161.227 75.102.160.227
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/17 16:03:01 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/17 08:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/17 08:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/09/17 08:22:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/17 08:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2011/09/15 21:08:57 | 000,000,000 | ---D | C] -- C:\0b3ee15374103f2afa7b3b4c
[2011/09/12 12:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/09/09 10:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/09/09 10:34:12 | 000,000,000 | ---D | C] -- C:\99b0d89832cfad2ede99
[2011/09/09 10:33:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/09/09 10:33:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/09/08 18:40:10 | 000,131,072 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJCOINST12.dll
[2011/09/08 18:40:09 | 000,425,984 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJ5000MON.dll
[2011/09/07 09:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/09/07 09:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/07 09:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/07 09:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/07 09:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/09/07 09:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/09/07 09:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/07 09:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2011/08/29 06:25:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/08/23 14:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2011/08/22 13:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kodak
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/18 02:36:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3475736484-2603938691-1109610818-500UA.job
[2011/09/18 00:36:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3475736484-2603938691-1109610818-500Core.job
[2011/09/17 23:48:11 | 132,775,217 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/17 23:47:26 | 000,160,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/09/17 13:11:03 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[2011/09/17 09:31:09 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/09/17 08:45:06 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi
[2011/09/17 08:27:53 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2011/09/17 05:19:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/16 09:16:46 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/09/16 07:14:31 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/15 21:10:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/15 04:00:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/09/12 12:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/10 03:01:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/09 21:00:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/09 21:00:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/09 10:35:00 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/09 10:33:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/09/09 10:33:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/09/08 18:48:29 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2011/09/07 09:40:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/03 15:31:02 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/09/03 15:31:02 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/28 23:26:42 | 000,091,030 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\PassportApplicationComplete (1).pdf
[2011/08/22 13:14:05 | 000,001,777 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/17 08:45:47 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/09/17 08:45:11 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi
[2011/09/09 10:35:21 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/09/09 10:35:21 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/09/09 10:33:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/09/08 18:48:29 | 000,001,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2011/09/07 09:40:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/07 09:38:55 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/07 09:38:50 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/08/28 23:38:43 | 000,091,030 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\PassportApplicationComplete (1).pdf
[2011/08/22 13:13:36 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[2011/08/16 13:05:07 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 07:57:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/18 22:20:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/18 15:45:12 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/18 15:43:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/03/18 15:36:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/18 15:20:52 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2011/03/18 15:20:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/03/18 15:15:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/03/18 15:15:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/03/18 15:15:25 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/03/18 15:15:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/03/18 15:15:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011/03/18 15:13:04 | 000,000,774 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/03/18 14:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2006/05/16 08:54:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 19:43:56 | 000,441,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 19:43:56 | 000,071,264 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 19:39:48 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 19:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 19:27:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/07/17 13:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/17 15:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 15:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 15:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 16:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 16:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

========== LOP Check ==========

[2011/03/18 15:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/07/20 17:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2011/03/18 15:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011/06/17 10:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2011/03/18 15:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/08/22 13:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Temp
[2011/07/13 13:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/03/18 15:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/18 15:19:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/18 22:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2011/04/01 08:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/05/21 05:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/08 18:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp
[2011/08/23 14:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004/08/04 02:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2004/08/04 02:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, your MBR is reporting as unknown, so let's check him out.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#7
cancer1965

    Member

  • Topic Starter
  • Member
  • 10 posts
I could not get AVG to quit running in the systray, so I just clicked "allow file" when it tried to stop the process. The MBR problems may be from a "BOOTMGR IS MISSING" error I have been getting on boot since I formatted my system a few months ago. I just press any key to continue and it boots into Windows. I have reseated the HD cables and this error will go away for a while and then come back. Here are the files you requested. Thanks.


ComboFix 11-09-18.03 - Administrator 09/18/2011 22:02:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.877 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL71.tmp.e48d7ba3.ini
c:\windows\$MSI31Uninstall_KB893803v2$
c:\windows\$MSI31Uninstall_KB893803v2$\msi.dll
c:\windows\$MSI31Uninstall_KB893803v2$\msiexec.exe
c:\windows\$MSI31Uninstall_KB893803v2$\msihnd.dll
c:\windows\$MSI31Uninstall_KB893803v2$\msimsg.dll
c:\windows\$MSI31Uninstall_KB893803v2$\msisip.dll
c:\windows\$MSI31Uninstall_KB893803v2$\reg00013
c:\windows\$MSI31Uninstall_KB893803v2$\reg00014
c:\windows\$MSI31Uninstall_KB893803v2$\reg00015
c:\windows\$MSI31Uninstall_KB893803v2$\reg00016
c:\windows\$MSI31Uninstall_KB893803v2$\reg00017
c:\windows\$MSI31Uninstall_KB893803v2$\reg00018
c:\windows\$MSI31Uninstall_KB893803v2$\reg00019
c:\windows\$MSI31Uninstall_KB893803v2$\reg00020
c:\windows\$MSI31Uninstall_KB893803v2$\reg00021
c:\windows\$MSI31Uninstall_KB893803v2$\reg00022
c:\windows\$MSI31Uninstall_KB893803v2$\reg00023
c:\windows\$MSI31Uninstall_KB893803v2$\reg00024
c:\windows\$MSI31Uninstall_KB893803v2$\reg00025
c:\windows\$MSI31Uninstall_KB893803v2$\reg00026
c:\windows\$MSI31Uninstall_KB893803v2$\reg00027
c:\windows\$MSI31Uninstall_KB893803v2$\reg00028
c:\windows\$MSI31Uninstall_KB893803v2$\reg00029
c:\windows\$MSI31Uninstall_KB893803v2$\reg00030
c:\windows\$MSI31Uninstall_KB893803v2$\reg00031
c:\windows\$MSI31Uninstall_KB893803v2$\reg00032
c:\windows\$MSI31Uninstall_KB893803v2$\reg00033
c:\windows\$MSI31Uninstall_KB893803v2$\reg00034
c:\windows\$MSI31Uninstall_KB893803v2$\reg00035
c:\windows\$MSI31Uninstall_KB893803v2$\reg00036
c:\windows\$MSI31Uninstall_KB893803v2$\reg00037
c:\windows\$MSI31Uninstall_KB893803v2$\reg00038
c:\windows\$MSI31Uninstall_KB893803v2$\reg00039
c:\windows\$MSI31Uninstall_KB893803v2$\reg00040
c:\windows\$MSI31Uninstall_KB893803v2$\reg00041
c:\windows\$MSI31Uninstall_KB893803v2$\reg00042
c:\windows\$MSI31Uninstall_KB893803v2$\reg00043
c:\windows\$MSI31Uninstall_KB893803v2$\reg00044
c:\windows\$MSI31Uninstall_KB893803v2$\reg00045
c:\windows\$MSI31Uninstall_KB893803v2$\reg00046
c:\windows\$MSI31Uninstall_KB893803v2$\reg00047
c:\windows\$MSI31Uninstall_KB893803v2$\reg00048
c:\windows\$MSI31Uninstall_KB893803v2$\reg00051
c:\windows\$MSI31Uninstall_KB893803v2$\reg00052
c:\windows\$MSI31Uninstall_KB893803v2$\reg00053
c:\windows\$MSI31Uninstall_KB893803v2$\reg00054
c:\windows\$MSI31Uninstall_KB893803v2$\reg00055
c:\windows\$MSI31Uninstall_KB893803v2$\reg00056
c:\windows\$MSI31Uninstall_KB893803v2$\reg00057
c:\windows\$MSI31Uninstall_KB893803v2$\reg00058
c:\windows\$MSI31Uninstall_KB893803v2$\reg00059
c:\windows\$MSI31Uninstall_KB893803v2$\reg00060
c:\windows\$MSI31Uninstall_KB893803v2$\reg00061
c:\windows\$MSI31Uninstall_KB893803v2$\reg00062
c:\windows\$MSI31Uninstall_KB893803v2$\reg00063
c:\windows\$MSI31Uninstall_KB893803v2$\reg00064
c:\windows\$MSI31Uninstall_KB893803v2$\reg00065
c:\windows\$MSI31Uninstall_KB893803v2$\reg00066
c:\windows\$MSI31Uninstall_KB893803v2$\reg00067
c:\windows\$MSI31Uninstall_KB893803v2$\reg00068
c:\windows\$MSI31Uninstall_KB893803v2$\reg00069
c:\windows\$MSI31Uninstall_KB893803v2$\reg00070
c:\windows\$MSI31Uninstall_KB893803v2$\reg00071
c:\windows\$MSI31Uninstall_KB893803v2$\reg00072
c:\windows\$MSI31Uninstall_KB893803v2$\reg00073
c:\windows\$MSI31Uninstall_KB893803v2$\reg00074
c:\windows\$MSI31Uninstall_KB893803v2$\reg00075
c:\windows\$MSI31Uninstall_KB893803v2$\reg00076
c:\windows\$MSI31Uninstall_KB893803v2$\reg00077
c:\windows\$MSI31Uninstall_KB893803v2$\reg00078
c:\windows\$MSI31Uninstall_KB893803v2$\reg00079
c:\windows\$MSI31Uninstall_KB893803v2$\reg00080
c:\windows\$MSI31Uninstall_KB893803v2$\reg00081
c:\windows\$MSI31Uninstall_KB893803v2$\reg00082
c:\windows\$MSI31Uninstall_KB893803v2$\reg00083
c:\windows\$MSI31Uninstall_KB893803v2$\reg00084
c:\windows\$MSI31Uninstall_KB893803v2$\reg00085
c:\windows\$MSI31Uninstall_KB893803v2$\reg00086
c:\windows\$MSI31Uninstall_KB893803v2$\reg00087
c:\windows\$MSI31Uninstall_KB893803v2$\reg00088
c:\windows\$MSI31Uninstall_KB893803v2$\reg00089
c:\windows\$MSI31Uninstall_KB893803v2$\reg00090
c:\windows\$MSI31Uninstall_KB893803v2$\reg00091
c:\windows\$MSI31Uninstall_KB893803v2$\reg00092
c:\windows\$MSI31Uninstall_KB893803v2$\reg00093
c:\windows\$MSI31Uninstall_KB893803v2$\reg00094
c:\windows\$MSI31Uninstall_KB893803v2$\reg00095
c:\windows\$MSI31Uninstall_KB893803v2$\reg00096
c:\windows\$MSI31Uninstall_KB893803v2$\reg00097
c:\windows\$MSI31Uninstall_KB893803v2$\reg00098
c:\windows\$MSI31Uninstall_KB893803v2$\reg00099
c:\windows\$MSI31Uninstall_KB893803v2$\reg00100
c:\windows\$MSI31Uninstall_KB893803v2$\reg00101
c:\windows\$MSI31Uninstall_KB893803v2$\reg00102
c:\windows\$MSI31Uninstall_KB893803v2$\reg00103
c:\windows\$MSI31Uninstall_KB893803v2$\reg00104
c:\windows\$MSI31Uninstall_KB893803v2$\reg00105
c:\windows\$MSI31Uninstall_KB893803v2$\reg00106
c:\windows\$MSI31Uninstall_KB893803v2$\reg00107
c:\windows\$MSI31Uninstall_KB893803v2$\reg00108
c:\windows\$MSI31Uninstall_KB893803v2$\reg00109
c:\windows\$MSI31Uninstall_KB893803v2$\reg00110
c:\windows\$MSI31Uninstall_KB893803v2$\reg00111
c:\windows\$MSI31Uninstall_KB893803v2$\reg00112
c:\windows\$MSI31Uninstall_KB893803v2$\reg00113
c:\windows\$MSI31Uninstall_KB893803v2$\reg00114
c:\windows\$MSI31Uninstall_KB893803v2$\reg00115
c:\windows\$MSI31Uninstall_KB893803v2$\reg00116
c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf
c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt
c:\windows\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
c:\windows\system32\lvci1201278.dll
c:\windows\TEMP\logishrd\LVPrcInj02.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-17 21:03 . 2011-09-17 21:03 -------- d-----w- C:\$AVG
2011-09-17 13:45 . 2011-09-17 13:45 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-17 13:45 . 2011-09-17 13:45 -------- d-----w- c:\program files\Trend Micro
2011-09-16 02:08 . 2011-09-16 02:09 -------- d-----w- C:\0b3ee15374103f2afa7b3b4c
2011-09-15 14:48 . 2010-03-10 11:28 602912 ----a-r- c:\windows\system32\drivers\RTL8192su.sys
2011-09-12 17:36 . 2011-09-12 17:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-12 17:36 . 2011-09-12 17:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-09-09 15:34 . 2011-09-09 15:34 -------- d-----w- c:\program files\Windows Media Connect 2
2011-09-09 15:34 . 2011-09-09 15:35 -------- d-----w- C:\99b0d89832cfad2ede99
2011-09-09 15:33 . 2006-10-19 02:47 276992 ------w- c:\windows\system32\audiodev.dll
2011-09-09 15:33 . 2011-09-09 15:34 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-09-09 15:33 . 2011-09-09 15:33 -------- d-----w- c:\windows\system32\LogFiles
2011-09-08 23:40 . 2011-06-16 22:53 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-09-08 23:40 . 2011-06-16 22:53 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-09-08 23:40 . 2011-06-16 22:53 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-09-08 23:36 . 2011-09-08 23:36 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-09-07 14:41 . 2011-09-07 14:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2011-09-07 14:40 . 2011-09-07 14:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-07 14:40 . 2011-09-07 14:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-07 14:40 . 2011-09-07 14:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-07 14:40 . 2011-09-07 14:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-07 14:40 . 2011-09-07 14:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-07 14:40 . 2011-09-07 14:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-07 14:40 . 2011-09-07 14:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-09-07 14:39 . 2011-09-07 14:40 -------- d-----w- c:\program files\QuickTime
2011-09-07 14:39 . 2011-09-07 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-09-07 14:39 . 2011-09-07 14:39 -------- d-----w- c:\program files\Common Files\Apple
2011-09-07 14:38 . 2011-09-07 14:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2011-09-07 14:38 . 2011-09-07 14:38 -------- d-----w- c:\program files\Apple Software Update
2011-09-07 14:38 . 2011-09-07 14:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2011-08-23 19:05 . 2011-08-23 19:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\Temp
2011-08-22 18:25 . 2011-09-08 23:44 -------- d-----w- c:\windows\system32\kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-10 02:00 . 2011-07-28 02:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00 . 2011-03-18 20:03 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-09-01 14:16 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-14 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [9/5/2011 5:00 PM 393648]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [3/18/2011 3:38 PM 540184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 4:23 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 4:23 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 4:23 PM 27216]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [9/15/2011 9:48 AM 602912]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 9:26 AM 1025352]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3475736484-2603938691-1109610818-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 02:09]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3475736484-2603938691-1109610818-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 02:09]
.
2011-09-18 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\AiO\Center\Kodak.Statistics.exe [2011-09-05 22:00]
.
2011-09-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-03-18 20:45]
.
2011-09-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-03-18 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.102.161.227 75.102.160.227
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 22:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3475736484-2603938691-1109610818-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,4f,09,89,84,c0,75,42,8c,bb,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,4f,09,89,84,c0,75,42,8c,bb,40,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-09-18 22:21:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-19 03:21
.
Pre-Run: 48,656,187,392 bytes free
Post-Run: 48,988,450,816 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 4A04C19E8B2A27B71A359FD0FA93C6B9

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems, please?
  • 0

#9
cancer1965

cancer1965

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Whenever I go into a site online to watch movies/TV shows, etc., audio ads play in the background and I can't get them to stop. I check systray, regedit RUN files, everything. They continue to run and it disrupts the programs I am trying to watch....very frustrating.
  • 0

#10
cancer1965

cancer1965

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Did you have any more ideas about what might be causing this issue or what I could do to stop it??
  • 0



#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it on any specific site that this occurs, or is it random?

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#12
cancer1965

cancer1965

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Happens on zmovie and tvduck sites when I try to watch TV shows and movies.....
  • 0

#13
cancer1965

cancer1965

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I ran that last malware/virus program you recommended...Kaspersky? No malware was found....
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmmm, I am unable to access the first link as my AV does not like it, and the second shows a fair few different sites to stream from. If it is just happening on those sites, it may be a part of the site build.

As it is, I can see no apparent malware on your system, but if you wish I can dig deeper.
  • 0

#15
cancer1965

cancer1965

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Well....I appreciate all your time and effort on this issue. If I don't have any spyware or issues with my system, can you suggest any workarounds to the issues on the site? Any popup blockers or anything like that? Or how about a different site for TV/movies, etc.? Otherwise, I thank you for your time, Essexboy....and thanks again!
  • 0





