# Iminent infection



## Ditteaux (Feb 6, 2013)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 2038 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
Hard Drives: C: Total - 98813 MB, Free - 57312 MB; D: Total - 14615 MB, Free - 1298 MB;
Motherboard: Hewlett-Packard, 30A8
Antivirus: AVG Anti-Virus Free Edition 2013, Updated: Yes, On-Demand Scanner: Enabled

I've had this iminent infection for about six weeks. The computer is slowing down but no major problems yet. Except the post box and TSG keeps shutting down by itself. I have had to post SIX times to get everything up.------My first post says SIX replies but really I have NO REPLIES YET. There is more info after the scan logs.


----------



## Ditteaux (Feb 6, 2013)

Re: Iminent infection - I had to start over because the post box AND TSG closed by itself 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:35:18 PM, on 2/19/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valued Customer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EKStatusMonitor] C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CAF6E3C2F867DCCF97853FB147A61702DEF3FBF5._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [FreeCT] C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: S10 Autologin - C:\Program Files\S10 Password Vault\AutologinIE.htm
O8 - Extra context menu item: S10 Autotype... - C:\Program Files\S10 Password Vault\AutotypeIE.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://www.hulu.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.11/uploader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360213034431
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: Google Update Service (gupdate1c9b3e1d16862e4) (gupdate1c9b3e1d16862e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdd_device - Unknown owner - C:\WINDOWS\system32\lxddcoms.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

--
End of file - 12156 bytes


----------



## Ditteaux (Feb 6, 2013)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/29/2006 1:38:23 PM
System Uptime: 2/19/2013 2:48:28 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30A8
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U1 | 1828/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 96 GiB total, 56.058 GiB free.
D: is FIXED (FAT32) - 14 GiB total, 1.268 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\15FB4084683F0200
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\15FB4084683F0200
Service: NIC1394
.
Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
Manufacturer: 
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
Service: 
.
==== System Restore Points ===================
.
RP1291: 2/1/2013 1:05:50 AM - System Checkpoint
RP1292: 2/1/2013 2:10:31 AM - Installed NetWaiting
RP1293: 2/1/2013 2:10:45 AM - Installed NetWaiting
RP1294: 2/1/2013 2:11:10 AM - Installed NetWaiting
RP1295: 2/2/2013 12:34:33 AM - Removed U3Launcher
RP1296: 2/2/2013 5:20:02 PM - Installed Java(TM) 6 Update 39
RP1297: 2/4/2013 12:17:11 PM - System Checkpoint
RP1298: 2/5/2013 3:03:09 PM - System Checkpoint
RP1299: 2/5/2013 8:18:31 PM - Restore Operation
RP1300: 2/6/2013 11:30:34 PM - Restore Point before Corrupt Patch Registry keys
RP1301: 2/6/2013 11:45:02 PM - December 10, 2012
RP1302: 2/7/2013 12:03:19 AM - Software Distribution Service 3.0
RP1303: 2/8/2013 7:04:08 AM - System Checkpoint
RP1304: 2/10/2013 12:07:09 AM - System Checkpoint
RP1305: 2/11/2013 12:48:41 AM - System Checkpoint
RP1306: 2/11/2013 5:22:00 AM - Removed Apple Application Support
RP1307: 2/11/2013 5:24:21 AM - Removed Apple Mobile Device Support
RP1308: 2/11/2013 5:26:11 AM - Removed Bonjour
RP1309: 2/11/2013 5:27:37 AM - Configured easy Internet sign-up
RP1310: 2/11/2013 5:39:10 AM - Removed QuickTime
RP1311: 2/11/2013 5:39:48 AM - Removed RAW FILE CONVERTER LE
RP1312: 2/11/2013 5:40:22 AM - Removed Sonic Audio Module
RP1313: 2/11/2013 5:40:43 AM - Removed Sonic Copy Module
RP1314: 2/11/2013 5:41:29 AM - Removed Sonic Data Module
RP1315: 2/11/2013 5:42:00 AM - Removed Sonic Express Labeler
RP1316: 2/11/2013 5:42:38 AM - Removed Sonic Update Manager
RP1317: 2/11/2013 5:42:52 AM - Removed SonicAC3Encoder
RP1318: 2/11/2013 5:43:02 AM - Removed SonicMPEGEncoder
RP1319: 2/11/2013 5:43:27 AM - Removed TourSetup
RP1320: 2/11/2013 5:43:40 AM - Removed Windows 7 Upgrade Advisor
RP1321: 2/11/2013 5:43:54 AM - Removed Windows 7 USB/DVD Download Tool
RP1322: 2/11/2013 5:44:56 AM - Configured Customer Experience Enhancement
RP1323: 2/11/2013 5:46:19 AM - Removed NetWaiting
RP1324: 2/13/2013 2:43:52 AM - System Checkpoint
RP1325: 2/13/2013 8:12:16 PM - Software Distribution Service 3.0
RP1326: 2/15/2013 3:05:07 PM - System Checkpoint
RP1327: 2/16/2013 4:33:37 PM - System Checkpoint
RP1328: 2/18/2013 3:42:01 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
aioscnnr
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
C4USelfUpdater
Camera Driver
center
Conexant HD Audio
Document Express DjVu Plug-in
DriverAgent by TouchStone Software
essentials
FinePixViewer Ver.4.2
Free Countdown Timer 2.7.2
FUJIFILM USB Driver
getPlus(R)_ocx
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
HP Help and Support
HP Product Detection
HP Update
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Internet Explorer (Enable DEP)
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 39
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Kodak AIO Printer
KODAK AiO Software
LightScribe 1.4.105.1
Lizardtech DjVu Control (autoinstall)
Macromedia Flash Player 8
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft IntelliPoint 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft Media Manager 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MicroStaff WINASPI
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
ocr
Office 2003 Trial Assistant
Picasa 3
PreReq
Samsung USB Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Segoe UI
Shipping Assistant 3.6
Skype Click to Call
Skype™ 6.1
SonicAC3Encoder
SonicMPEGEncoder
swMSM
The Weather Channel App
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Vongo
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1
Windows Presentation Foundation
Windows XP Service Pack 3
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/14/2013 2:39:57 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The specified driver is invalid.
2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The lxdd_device service failed to start due to the following error: The system cannot find the file specified.
2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
2/13/2013 7:35:07 PM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 001302BE67A2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/13/2013 5:32:47 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/13/2013 4:28:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cron Service for Prey service to connect.
2/13/2013 4:28:00 PM, error: Service Control Manager [7000] - The Cron Service for Prey service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


----------



## Ditteaux (Feb 6, 2013)

I had to start over again because TSG keeps closing. Here is the next log:
GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2013-02-20 13:14:53
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.892C 111.79GB
Running: tn3bqupj.exe; Driver: C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\fgndrkog.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA4E1114A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA4E1121A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA4E10D7C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xA4E10F6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xA4E11000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA4E10E32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA4E10ECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA4E1109C]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED62 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EDD3 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryAttributesFile + B  7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF01 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 86, 00] {SUB AH, AL; XCHG [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 86, 00] {SUB BH, AL; XCHG [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 86, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 86, 00] {TEST AL, 0xc5; XCHG [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915CDE 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 86, 00] {TEST AL, 0xc6; XCHG [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 86, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 86, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915D4F 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 86, 00] {TEST AL, 0xc4; XCHG [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915E7D 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 86, 00] {SUB CH, AL; XCHG [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 86, 00] {SUB DH, AL; XCHG [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 86, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\system32\SearchIndexer.exe[3124] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcess + B  7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DB8A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DBFB 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DD29 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp  fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 2.1 ----

Service C:\WINDOWS\system32 (*** hidden *** ) [AUTO] MCSTRM <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----


----------



## Ditteaux (Feb 6, 2013)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/29/2006 1:38:23 PM
System Uptime: 2/19/2013 2:48:28 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30A8
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U1 | 1828/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 96 GiB total, 56.058 GiB free.
D: is FIXED (FAT32) - 14 GiB total, 1.268 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\15FB4084683F0200
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\15FB4084683F0200
Service: NIC1394
.
Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
Manufacturer: 
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
Service: 
.
==== System Restore Points ===================
.
RP1291: 2/1/2013 1:05:50 AM - System Checkpoint
RP1292: 2/1/2013 2:10:31 AM - Installed NetWaiting
RP1293: 2/1/2013 2:10:45 AM - Installed NetWaiting
RP1294: 2/1/2013 2:11:10 AM - Installed NetWaiting
RP1295: 2/2/2013 12:34:33 AM - Removed U3Launcher
RP1296: 2/2/2013 5:20:02 PM - Installed Java(TM) 6 Update 39
RP1297: 2/4/2013 12:17:11 PM - System Checkpoint
RP1298: 2/5/2013 3:03:09 PM - System Checkpoint
RP1299: 2/5/2013 8:18:31 PM - Restore Operation
RP1300: 2/6/2013 11:30:34 PM - Restore Point before Corrupt Patch Registry keys
RP1301: 2/6/2013 11:45:02 PM - December 10, 2012
RP1302: 2/7/2013 12:03:19 AM - Software Distribution Service 3.0
RP1303: 2/8/2013 7:04:08 AM - System Checkpoint
RP1304: 2/10/2013 12:07:09 AM - System Checkpoint
RP1305: 2/11/2013 12:48:41 AM - System Checkpoint
RP1306: 2/11/2013 5:22:00 AM - Removed Apple Application Support
RP1307: 2/11/2013 5:24:21 AM - Removed Apple Mobile Device Support
RP1308: 2/11/2013 5:26:11 AM - Removed Bonjour
RP1309: 2/11/2013 5:27:37 AM - Configured easy Internet sign-up
RP1310: 2/11/2013 5:39:10 AM - Removed QuickTime
RP1311: 2/11/2013 5:39:48 AM - Removed RAW FILE CONVERTER LE
RP1312: 2/11/2013 5:40:22 AM - Removed Sonic Audio Module
RP1313: 2/11/2013 5:40:43 AM - Removed Sonic Copy Module
RP1314: 2/11/2013 5:41:29 AM - Removed Sonic Data Module
RP1315: 2/11/2013 5:42:00 AM - Removed Sonic Express Labeler
RP1316: 2/11/2013 5:42:38 AM - Removed Sonic Update Manager
RP1317: 2/11/2013 5:42:52 AM - Removed SonicAC3Encoder
RP1318: 2/11/2013 5:43:02 AM - Removed SonicMPEGEncoder
RP1319: 2/11/2013 5:43:27 AM - Removed TourSetup
RP1320: 2/11/2013 5:43:40 AM - Removed Windows 7 Upgrade Advisor
RP1321: 2/11/2013 5:43:54 AM - Removed Windows 7 USB/DVD Download Tool
RP1322: 2/11/2013 5:44:56 AM - Configured Customer Experience Enhancement
RP1323: 2/11/2013 5:46:19 AM - Removed NetWaiting
RP1324: 2/13/2013 2:43:52 AM - System Checkpoint
RP1325: 2/13/2013 8:12:16 PM - Software Distribution Service 3.0
RP1326: 2/15/2013 3:05:07 PM - System Checkpoint
RP1327: 2/16/2013 4:33:37 PM - System Checkpoint
RP1328: 2/18/2013 3:42:01 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
aioscnnr
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
C4USelfUpdater
Camera Driver
center
Conexant HD Audio
Document Express DjVu Plug-in
DriverAgent by TouchStone Software
essentials
FinePixViewer Ver.4.2
Free Countdown Timer 2.7.2
FUJIFILM USB Driver
getPlus(R)_ocx
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
HP Help and Support
HP Product Detection
HP Update
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Internet Explorer (Enable DEP)
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 39
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Kodak AIO Printer
KODAK AiO Software
LightScribe 1.4.105.1
Lizardtech DjVu Control (autoinstall)
Macromedia Flash Player 8
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft IntelliPoint 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft Media Manager 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MicroStaff WINASPI
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
ocr
Office 2003 Trial Assistant
Picasa 3
PreReq
Samsung USB Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Segoe UI
Shipping Assistant 3.6
Skype Click to Call
Skype™ 6.1
SonicAC3Encoder
SonicMPEGEncoder
swMSM
The Weather Channel App
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Vongo
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1
Windows Presentation Foundation
Windows XP Service Pack 3
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/14/2013 2:39:57 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The specified driver is invalid.
2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The lxdd_device service failed to start due to the following error: The system cannot find the file specified.
2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
2/13/2013 7:35:07 PM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 001302BE67A2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/13/2013 5:32:47 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/13/2013 4:28:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cron Service for Prey service to connect.
2/13/2013 4:28:00 PM, error: Service Control Manager [7000] - The Cron Service for Prey service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


----------



## Ditteaux (Feb 6, 2013)

Hello, Ditteaux here, The problem is that I type a couple paragraphs in the post box and TSG goes offline by itself. I have started over several times then posted in short bursts - one scan log at a time. So sorry for the inconvenience. I don't know how else to do it. Computer has been slowing down some - but no major problems till right now. I guess the iminent infection explains the problem. Please let me know what I can do. Thanks in advance. D


----------



## Ditteaux (Feb 6, 2013)

Hello, Ditteaux again, I have been to device mgr, I have deleted many old programs and many old files, disabled unnecessary extensions. System restore will not go back beyond Feb 1 2013, so no help there. I purchased this computer nearly 5 years ago and had no serious problems I couldn't solve till now. Please let me know if there is anything I can do to help. Thanks in advance Bob


----------



## Cookiegal (Aug 27, 2003)

You posted the attach.txt log from DDD twice. Please post the dds.txt log.

Also, please do the following:

Please run the MGA Diagnostic Tool and post back the report it creates:
Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## Ditteaux (Feb 6, 2013)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Valued Customer at 15:46:36 on 2013-02-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1128 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valued Customer\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [CAF6E3C2F867DCCF97853FB147A61702DEF3FBF5._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [FreeCT] c:\program files\freecountdowntimer\FreeCountdownTimer.exe -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [Google Update] "c:\documents and settings\valued customer\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [Conime] c:\windows\system32\conime.exe
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: S10 Autologin - c:\program files\s10 password vault\AutologinIE.htm
IE: S10 Autotype... - c:\program files\s10 password vault\AutotypeIE.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.11/uploader2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360213034431
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{03D87BB8-5C6E-4171-A518-8F4560DF8011} : DHCPNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{0A63B704-721E-4354-B504-245812ECA024} : DHCPNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-1-27 54760]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-19 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 MMIndexer;Media Manager Indexer;c:\program files\common files\microsoft shared\media manager\AIRSVCU.EXE [1997-7-14 136704]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
S2 gupdate1c9b3e1d16862e4;Google Update Service (gupdate1c9b3e1d16862e4);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-24 30576]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-21 13024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-02-19 01:27:26	29	----a-w-	c:\windows\system32\TempWmicBatchFile.bat
2013-02-08 11:44:07	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-08 11:44:04	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55:44	552448	------w-	c:\windows\system32\oleaut32.dll
2013-01-15 21:56:10	477616	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-15 21:56:07	473520	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-15 20:14:01	73728	----a-w-	c:\windows\system32\javacpl.cpl
2013-01-07 01:19:45	2148864	------w-	c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01	2027520	------w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00	1867264	------w-	c:\windows\system32\win32k.sys
2013-01-02 06:49:10	1292288	----a-w-	c:\windows\system32\quartz.dll
2012-12-30 08:37:55	13024	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2012-12-26 20:16:29	916480	----a-w-	c:\windows\system32\wininet.dll
2012-12-26 20:16:28	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59	385024	----a-w-	c:\windows\system32\html.iec
2012-12-16 12:23:59	290560	----a-w-	c:\windows\system32\atmfd.dll
.
============= FINISH: 15:52:05.06 ===============


----------



## Cookiegal (Aug 27, 2003)

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## Ditteaux (Feb 6, 2013)

Hi, I ran the MGA Diag.exe and copied to clipboard but clpbrd does not offer e SHARE option


----------



## Ditteaux (Feb 6, 2013)

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 13:07:10
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Valued Customer - YOUR-252739F5C3
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Valued Customer\My Documents\Downloads\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found : C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\BabylonToolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\Valued Customer\Application Data\Babylon
Folder Found : C:\Documents and Settings\Valued Customer\Application Data\PriceGong
Folder Found : C:\Documents and Settings\Valued Customer\Application Data\Toolbar4
Folder Found : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Ilivid Player
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\FunWebProducts

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2391419
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\FunWebProducts
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.15] : homepage = "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94",
Found [l.19] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94", "hxxp://www.google.com/ig" ]
Found [l.1925] : homepage = "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94",
Found [l.2882] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94", "hxxp://www.google.com/ig" ]

*************************

AdwCleaner[R1].txt - [10969 octets] - [22/02/2013 13:07:10]

########## EOF - C:\AdwCleaner[R1].txt - [11030 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

When the MGA Diagnostic report is copied to the clipboard you just need to open a reply here and paste it in. If you can't do that then save it to a Notepad file and then open that and copy and paste the log here.


----------



## Ditteaux (Feb 6, 2013)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-9TCCK-JPCBM-B2FQ8
Windows Product Key Hash: B/IohRcCzV6LJrex8WpCdnxgTvg=
Windows Product ID: 76487-OEM-2211906-00803
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.med
ID: {91A75204-7D2A-44A6-AAC7-DF71819F56CD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{91A75204-7D2A-44A6-AAC7-DF71819F56CD}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B2FQ8</PKey><PID>76487-OEM-2211906-00803</PID><PIDType>2</PIDType><SID>S-1-5-21-122302908-1542226243-4210850061</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv5000 (EZ406UA#ABA) </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.23</Version><SMBIOSVersion major="2" minor="4"/><Date>20070413000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>14003207018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>HP</name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 3828:Compaq Computer Corporation|1357B:Compaq Computer Corporation|1357B:Compaq Computer Corporation|3828:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

OEM Activation 2.0 Data-->
N/A


----------



## Ditteaux (Feb 6, 2013)

Hi, Great tip. I saved MGD diag log as a notepad file then - easy to copy and paste Thanx Cookiegal. Hey, I just read an Adobe Company release about a security patch coming out v.soon to plug a hole in clipboard. Just saying... Bob


----------



## Cookiegal (Aug 27, 2003)

Please go  here and download the *TDSSKiller.exe* to your desktop.

Double-click to TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## Ditteaux (Feb 6, 2013)

Hello, I ran TDSSKiller twice, produced two scan report logs but could not 'COPY' My mouse and computer buttons simply do not work on that site or program. I tested "COPY" function after and it works fine... But for the record the scan result showed '0' infections... Bob


----------



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again and this time select the option to "delete" and post the resulting log.


----------



## Ditteaux (Feb 6, 2013)

# AdwCleaner v2.113 - Logfile created 02/24/2013 at 12:13:06
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Valued Customer - YOUR-252739F5C3
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Valued Customer\My Documents\Downloads\AdwCleaner (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\BabylonToolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Valued Customer\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Valued Customer\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Valued Customer\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FunWebProducts

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2391419
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : homepage = "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94",
Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-6[...]
Deleted [l.1925] : homepage = "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94",
Deleted [l.2952] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D5[...]

*************************

AdwCleaner[R1].txt - [11100 octets] - [22/02/2013 13:07:10]
AdwCleaner[S1].txt - [11323 octets] - [24/02/2013 12:13:06]

########## EOF - C:\AdwCleaner[S1].txt - [11384 octets] ##########


----------



## Ditteaux (Feb 6, 2013)

Hello, Looks like it's gone. I believe you have DONE IT. I will look around and be sure, then get back to you Tx.


----------



## Cookiegal (Aug 27, 2003)

There will be more to do so please stay with me.

Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.


----------



## Ditteaux (Feb 6, 2013)

Hi, OK, I'm with you.


----------



## Cookiegal (Aug 27, 2003)

Great. I'll wait for the ComboFix report.


----------



## Ditteaux (Feb 6, 2013)

ComboFix 13-02-24.01 - Valued Customer 02/24/2013 14:08:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1237 [GMT -5:00]
Running from: c:\documents and settings\Valued Customer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL22.tmp
c:\documents and settings\All Users\SPL4DE.tmp
c:\documents and settings\All Users\SPL571.tmp
c:\documents and settings\All Users\SPL65.tmp
c:\documents and settings\All Users\SPLB0A.tmp
c:\documents and settings\Valued Customer\Application Data\1&1
c:\documents and settings\Valued Customer\Application Data\1&1\1&1 EasyLogin\customer.xml
c:\documents and settings\Valued Customer\Application Data\1&1\1&1 EasyLogin\EasyLogin.log
c:\documents and settings\Valued Customer\Application Data\1&1\1&1 EasyLogin\update\EasyLogin_setup_US.exe
c:\documents and settings\Valued Customer\Application Data\Otto
c:\documents and settings\Valued Customer\Application Data\Otto\config.set
c:\documents and settings\Valued Customer\Application Data\RegistrySmart
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Log\2007 Dec 31 - 02_29_25 PM_578.log
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Log\2007 Dec 31 - 02_29_27 PM_937.log
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Log\2007 Dec 31 - 11_03_45 AM_031.log
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Log\2007 Dec 31 - 11_03_47 AM_953.log
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Log\2007 Dec 31 - 11_22_15 AM_656.log
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Log\2007 Dec 31 - 11_22_21 AM_765.log
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Log\2007 Dec 31 - 12_55_33 PM_375.log
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Log\2007 Dec 31 - 12_55_40 PM_234.log
c:\documents and settings\Valued Customer\Application Data\RegistrySmart\Registry Backups\2007-12-31_11-27-39.reg
c:\documents and settings\Valued Customer\GoToAssistDownloadHelper.exe
C:\LOG100A.tmp
C:\LOG134.tmp
C:\LOG1459.tmp
C:\LOG146F.tmp
C:\LOG284.tmp
C:\LOG2C5.tmp
C:\LOG8E.tmp
C:\LOGD2.tmp
C:\LOGDE.tmp
c:\windows\system32\SET10.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-01-24 to 2013-02-24 )))))))))))))))))))))))))))))))
.
.
2013-02-23 22:59 . 2013-02-23 22:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-22 13:51 . 2013-02-22 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-02-18 18:19 . 2013-02-18 18:20 11004488 ----a-w- c:\program files\Common Files\lpuninstall.exe
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-07 05:19 . 2013-02-07 05:19 -------- d-----w- c:\program files\Microsoft ATS
2013-02-07 05:03 . 2013-02-07 05:03 -------- d-----w- c:\windows\system32\winrm
2013-02-07 05:03 . 2013-02-07 05:04 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-02-07 04:31 . 2013-02-07 04:31 -------- dc----w- C:\MATS
2013-01-29 21:14 . 2013-01-29 21:14 -------- d-----w- c:\documents and settings\Valued Customer\.swt
2013-01-28 14:43 . 2013-01-28 14:43 -------- d-----w- c:\program files\FreeCountdownTimer
2013-01-27 13:13 . 2013-01-27 13:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2013-01-27 13:13 . 2012-08-23 16:31 32120 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-27 13:10 . 2013-01-27 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-01-27 13:09 . 2013-01-27 13:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-26 21:21 . 2013-01-26 21:23 -------- d-----w- c:\documents and settings\Valued Customer\Application Data\Free Sound Recorder
2013-01-26 21:11 . 2013-01-26 21:14 -------- d-----w- c:\documents and settings\Valued Customer\Local Settings\Application Data\Updater21804
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 18:57 . 2012-03-14 16:27 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-02-23 22:58 . 2008-02-09 14:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-23 22:58 . 2012-06-17 17:16 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-23 22:58 . 2010-05-24 04:24 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-20 14:29 . 2012-06-07 15:50 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-20 14:29 . 2011-05-14 07:30 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2004-08-10 15:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-10 15:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-10 15:00 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-10 15:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-30 12:13 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-30 08:37 . 2012-08-21 14:03 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-12-26 20:16 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-10 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-10 15:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-10 15:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-10 15:00 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-19 68856]
"CAF6E3C2F867DCCF97853FB147A61702DEF3FBF5._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"FreeCT"="c:\program files\FreeCountdownTimer\FreeCountdownTimer.exe" [2012-12-17 2107304]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-02-19 13105848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"EKStatusMonitor"="c:\program files\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe" [2012-10-15 2844608]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2013-2-18 11004488]
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-07 23:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
"cdloader"="c:\documents and settings\Valued Customer\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
"Spotify Web Helper"="c:\documents and settings\Valued Customer\Application Data\Spotify\Data\SpotifyWebHelper.exe"
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Conime"=%windir%\system32\conime.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"EKStatusMonitor"=c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Valued Customer\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Documents and Settings\\Valued Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"94:TCP"= 94:TCP:*isabled:VRS Recording System Web Control Panel
"9322:TCP"= 9322:TCP:EKDiscovery
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 12:56 PM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 164832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2/15/2011 11:01 AM 19968]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [10/19/2012 1:51 PM 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [10/15/2012 10:58 AM 779200]
R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/14/1997 11:00 PM 136704]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [8/23/2012 11:31 AM 1532280]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [7/4/2012 3:26 PM 10088]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
S2 gupdate1c9b3e1d16862e4;Google Update Service (gupdate1c9b3e1d16862e4);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2009 5:24 PM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 10:29 AM 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/24/2010 2:08 PM 30576]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/21/2012 9:03 AM 13024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 09:25 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 14:29]
.
2013-02-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 22:24]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 22:24]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005Core.job
- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-16 14:57]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005UA.job
- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-16 14:57]
.
2013-02-24 c:\windows\Tasks\User_Feed_Synchronization-{93569A66-A285-4B40-A523-6AAED93BF3BB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: S10 Autologin - c:\program files\S10 Password Vault\AutologinIE.htm
IE: S10 Autotype... - c:\program files\S10 Password Vault\AutotypeIE.htm
Trusted Zone: google.com\www
Trusted Zone: hulu.com\www
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-24 14:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MCSTRM]
"ImagePath"="\??\c:\windows\system32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\LMIinit.dll
.
Completion time: 2013-02-24 14:18:55
ComboFix-quarantined-files.txt 2013-02-24 19:18
.
Pre-Run: 59,668,959,232 bytes free
Post-Run: 60,763,770,880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 7515945E6415D036404009F8C51444CB


----------



## Cookiegal (Aug 27, 2003)

Did you download these intentionally?

FreeCountdownTimer
Free Sound Recorder

Do you recognize this batch file and can you tell me what it was for?

c:\windows\system32\TempWmicBatchFile.bat

Did you put these in the Trusted Zone intentionally?

Trusted Zone: google.com\www
Trusted Zone: hulu.com\www

I would remove them as doing that gives them permission to override security measures on your computer.

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
c:\documents and settings\Valued Customer\Local Settings\Application Data\Updater21804

DirLook::
c:\documents and settings\Valued Customer\.swt
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## Ditteaux (Feb 6, 2013)

Yes, I downloaded FreeCountdownTimer and Free Sound Recorder - Free Sound Recorder is useless and not needed........... I do not recognize this file, nor do I know what it was for. - c:\windows\system32\TempWmicBatchFile.bat - I did put Google.com & Hulu in trusted zone. I will NOW remove Google & Hulu from trusted zone and continue w/program. Bob


----------



## Cookiegal (Aug 27, 2003)

Please navigate to this file:

c:\windows\system32\*TempWmicBatchFile.bat*

Right-click the file and select "edit". This will open the contents up in Notepad. Please copy and paste it here then simply close the Notepad file.


----------



## Ditteaux (Feb 6, 2013)

ComboFix 13-02-24.01 - Valued Customer 02/24/2013 16:21:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1187 [GMT -5:00]
Running from: c:\documents and settings\Valued Customer\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Valued Customer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Valued Customer\Local Settings\Application Data\Updater21804
.
.
((((((((((((((((((((((((( Files Created from 2013-01-24 to 2013-02-24 )))))))))))))))))))))))))))))))
.
.
2013-02-23 22:59 . 2013-02-23 22:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-22 13:51 . 2013-02-22 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-02-18 18:19 . 2013-02-18 18:20 11004488 ----a-w- c:\program files\Common Files\lpuninstall.exe
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-07 05:19 . 2013-02-07 05:19 -------- d-----w- c:\program files\Microsoft ATS
2013-02-07 05:03 . 2013-02-07 05:03 -------- d-----w- c:\windows\system32\winrm
2013-02-07 05:03 . 2013-02-07 05:04 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-02-07 04:31 . 2013-02-07 04:31 -------- dc----w- C:\MATS
2013-01-29 21:14 . 2013-01-29 21:14 -------- d-----w- c:\documents and settings\Valued Customer\.swt
2013-01-27 13:13 . 2013-01-27 13:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2013-01-27 13:13 . 2012-08-23 16:31 32120 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-27 13:10 . 2013-01-27 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-01-27 13:09 . 2013-01-27 13:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-26 21:21 . 2013-01-26 21:23 -------- d-----w- c:\documents and settings\Valued Customer\Application Data\Free Sound Recorder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 21:17 . 2012-03-14 16:27 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-02-23 22:58 . 2008-02-09 14:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-23 22:58 . 2012-06-17 17:16 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-23 22:58 . 2010-05-24 04:24 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-20 14:29 . 2012-06-07 15:50 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-20 14:29 . 2011-05-14 07:30 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2004-08-10 15:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-10 15:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-10 15:00 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-10 15:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-30 12:13 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-30 08:37 . 2012-08-21 14:03 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-12-26 20:16 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-10 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-10 15:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-10 15:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-10 15:00 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Valued Customer\.swt ----
.
2013-01-29 21:14 . 2013-01-29 21:14 118784 ----a-w- c:\documents and settings\Valued Customer\.swt\lib\win32\x86\swt-gdip-win32-3740.dll
2013-01-29 21:14 . 2013-01-29 21:14 430080 ----a-w- c:\documents and settings\Valued Customer\.swt\lib\win32\x86\swt-win32-3740.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-19 68856]
"CAF6E3C2F867DCCF97853FB147A61702DEF3FBF5._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-02-19 13105848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"EKStatusMonitor"="c:\program files\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe" [2012-10-15 2844608]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2013-2-18 11004488]
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-07 23:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
"cdloader"="c:\documents and settings\Valued Customer\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
"Spotify Web Helper"="c:\documents and settings\Valued Customer\Application Data\Spotify\Data\SpotifyWebHelper.exe"
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Conime"=%windir%\system32\conime.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"EKStatusMonitor"=c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Valued Customer\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Documents and Settings\\Valued Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:*isabled:Bonjour Port 5353
"94:TCP"= 94:TCP:*isabled:VRS Recording System Web Control Panel
"9322:TCP"= 9322:TCP:EKDiscovery
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 12:56 PM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 164832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2/15/2011 11:01 AM 19968]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [10/19/2012 1:51 PM 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [10/15/2012 10:58 AM 779200]
R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/14/1997 11:00 PM 136704]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [8/23/2012 11:31 AM 1532280]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [7/4/2012 3:26 PM 10088]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
S2 gupdate1c9b3e1d16862e4;Google Update Service (gupdate1c9b3e1d16862e4);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2009 5:24 PM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 10:29 AM 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/24/2010 2:08 PM 30576]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/21/2012 9:03 AM 13024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 09:25 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 14:29]
.
2013-02-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 22:24]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 22:24]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005Core.job
- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-16 14:57]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005UA.job
- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-16 14:57]
.
2013-02-24 c:\windows\Tasks\User_Feed_Synchronization-{93569A66-A285-4B40-A523-6AAED93BF3BB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: S10 Autologin - c:\program files\S10 Password Vault\AutologinIE.htm
IE: S10 Autotype... - c:\program files\S10 Password Vault\AutotypeIE.htm
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-24 16:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MCSTRM]
"ImagePath"="\??\c:\windows\system32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(196)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\UnToAnsi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-02-24 16:29:17
ComboFix-quarantined-files.txt 2013-02-24 21:29
ComboFix2.txt 2013-02-24 19:18
.
Pre-Run: 60,771,147,776 bytes free
Post-Run: 60,778,627,072 bytes free
.
- - End Of File - - 253B54562ED06F35DC5F283550D42230
------------------------------------------------------------------------------------------------

I don't know how to navigate to that -- .bat file -- Bob


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## Ditteaux (Feb 6, 2013)

TempWmicBatchFile.bat --

ComputerSystem Get Username

--------------------------------------------------------------------------------------------------
Added by Ditteaux
In folder C:\Windows\system32
Size - 1Kb
Type MS-DOS Batch File
Date Modified 2/24/2013 6:17 PM


----------



## Cookiegal (Aug 27, 2003)

That looks like the properties of the file but not the contents. Did you right-click the file and select "edit"?


----------



## Ditteaux (Feb 6, 2013)

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=07663da72734624083922b2a86d2b468
# engine=13233
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-25 12:59:40
# local_time=2013-02-24 07:59:40 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1039 16777213 100 99 0 47944764 0 0
# scanned=108166
# found=0
# cleaned=0
# scan_time=4298


----------



## Ditteaux (Feb 6, 2013)

YES:


Cookiegal said:


> That looks like the properties of the file but not the contents. Did you right-click the file and select "edit"?


--Only 29 bytes in the file--
TempWmicBatchFile.bat


----------



## Cookiegal (Aug 27, 2003)

Yes but I need to know what's inside the file.


----------



## Ditteaux (Feb 6, 2013)

Cookiegal said:


> Yes but I need to know what's inside the file.


Hello, I finally got it open by right click on file name, then, clicking "Open Containing Folder". Inside are over 150 files and folders with the HEADING - system32 - Bob


----------



## Ditteaux (Feb 6, 2013)

Hi, CHECK that.. There are over a THOUSAND files and folders in that - .bat - file
Some of the folders have hundreds of files.


----------



## Cookiegal (Aug 27, 2003)

That's impossible. It's not a folder, it's a file and cannot contain other files. Did you follow my instructions to right-click it and select "edit"?


----------



## Ditteaux (Feb 6, 2013)

Hello, When I right click on --- TempWmicBatchFile.bat --- and click 'edit' a Notebook file opens. The Header of this Notepad file is [ TempWmicBatchFile.bat - Notepad.] The file reads - ComputerSystem Get Username -... The file is in folder -- C:\WINDOWS\system32 -- Size 1KB -- Type MS-DOS Batch File -...


----------



## Ditteaux (Feb 6, 2013)

Hi, With all due respect, I invite you into my computer to see for yourself.--------- The Thousand's of files and folders appeared when I right clicked TempWmicBatchFile.bat & then clicked "Open Containing Folder" They ARE -- system32 -- It is the folder that contains -- TempWmicBatchFile.bat ---.. I'm fine with you going in and looking around. If we can agree on a time & date to do it. Thank you so much for all your effort. I will try to be more helpful.. Bob


----------



## Cookiegal (Aug 27, 2003)

We do not allow remote assistance here for security reasons.

Yes but by clicking on "Open Containing Folder" you're opening the System32 folder and not the file I asked you to open. Your post above which followed my instructions actually shows the content of the file which is:

*"ComputerSystem Get Username"*

So it's a batch file that is used to get the name of the user who is currently logged in. The question is, why is this needed?

Is this a work computer?

Are you networked with other machines?


----------



## Ditteaux (Feb 6, 2013)

"ComputerSystem Get Username" --------- NOT NEEDED.
Is this a work computer? ----------------------- NO
Are you networked with other machines?--- NO


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
c:\windows\system32\TempWmicBatchFile.bat

Folder::
c:\documents and settings\Valued Customer\Application Data\Free Sound Recorder
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## Ditteaux (Feb 6, 2013)

ComboFix 13-02-26.01 - Valued Customer 02/27/2013 12:19:31.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1073 [GMT -5:00]
Running from: c:\documents and settings\Valued Customer\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Valued Customer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\TempWmicBatchFile.bat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Valued Customer\Application Data\Free Sound Recorder
c:\documents and settings\Valued Customer\Application Data\Free Sound Recorder\frlst.dat
c:\documents and settings\Valued Customer\Application Data\Free Sound Recorder\frsys.dat
c:\windows\system32\TempWmicBatchFile.bat
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-24 23:43 . 2013-02-24 23:43 -------- d-----w- c:\program files\ESET
2013-02-23 22:59 . 2013-02-23 22:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-22 13:51 . 2013-02-22 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-02-18 18:19 . 2013-02-18 18:20 11004488 ----a-w- c:\program files\Common Files\lpuninstall.exe
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-07 05:19 . 2013-02-07 05:19 -------- d-----w- c:\program files\Microsoft ATS
2013-02-07 05:03 . 2013-02-07 05:03 -------- d-----w- c:\windows\system32\winrm
2013-02-07 05:03 . 2013-02-07 05:04 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-02-07 04:31 . 2013-02-07 04:31 -------- dc----w- C:\MATS
2013-01-29 21:14 . 2013-01-29 21:14 -------- d-----w- c:\documents and settings\Valued Customer\.swt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 14:42 . 2012-06-07 15:50 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 14:42 . 2011-05-14 07:30 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-23 22:58 . 2008-02-09 14:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-23 22:58 . 2012-06-17 17:16 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-23 22:58 . 2010-05-24 04:24 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-26 03:55 . 2004-08-10 15:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-10 15:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-10 15:00 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-10 15:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2005-08-30 12:13 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-30 08:37 . 2012-08-21 14:03 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-12-26 20:16 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-10 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-10 15:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-10 15:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-10 15:00 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-19 68856]
"GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-02-21 1274320]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-02-19 13105848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"EKStatusMonitor"="c:\program files\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe" [2012-10-15 2844608]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2013-2-18 11004488]
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-07 23:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
"cdloader"="c:\documents and settings\Valued Customer\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
"Spotify Web Helper"="c:\documents and settings\Valued Customer\Application Data\Spotify\Data\SpotifyWebHelper.exe"
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Conime"=%windir%\system32\conime.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"EKStatusMonitor"=c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Valued Customer\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Documents and Settings\\Valued Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:*isabled:Bonjour Port 5353
"94:TCP"= 94:TCP:*isabled:VRS Recording System Web Control Panel
"9322:TCP"= 9322:TCP:EKDiscovery
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 12:56 PM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 164832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [10/19/2012 1:51 PM 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [10/15/2012 10:58 AM 779200]
R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/14/1997 11:00 PM 136704]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [8/23/2012 11:31 AM 1532280]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [7/4/2012 3:26 PM 10088]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2/15/2011 11:01 AM 19968]
S2 gupdate1c9b3e1d16862e4;Google Update Service (gupdate1c9b3e1d16862e4);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2009 5:24 PM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 10:29 AM 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/24/2010 2:08 PM 30576]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/21/2012 9:03 AM 13024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 17:36 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 14:42]
.
2013-02-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 22:24]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 22:24]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005Core.job
- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-16 14:57]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005UA.job
- c:\documents and settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-16 14:57]
.
2013-02-27 c:\windows\Tasks\User_Feed_Synchronization-{93569A66-A285-4B40-A523-6AAED93BF3BB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: S10 Autologin - c:\program files\S10 Password Vault\AutologinIE.htm
IE: S10 Autotype... - c:\program files\S10 Password Vault\AutotypeIE.htm
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-27 12:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MCSTRM]
"ImagePath"="\??\c:\windows\system32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\LMIinit.dll
.
Completion time: 2013-02-27 12:29:00
ComboFix-quarantined-files.txt 2013-02-27 17:28
ComboFix2.txt 2013-02-24 21:29
ComboFix3.txt 2013-02-24 19:18
.
Pre-Run: 60,462,518,272 bytes free
Post-Run: 60,469,252,096 bytes free
.
- - End Of File - - A5B02272D38E40A72865C6E3C0076BEF


----------



## Ditteaux (Feb 6, 2013)

Hello, A new problem has surfaced. Last night, (2/26/13) 10:30 PM. I clicked 'START' - Turn off computer & Turn off computer.. Then a window opened stating that -SKYPE.exe- is not responding. And the computer did NOT shut down. I then unplugged the power to the machine and when the battery ran down (about an hour) the machine shut down . Bob


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans *section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## Ditteaux (Feb 6, 2013)

OTS log.


----------



## Cookiegal (Aug 27, 2003)

Ditteaux said:


> Hello, A new problem has surfaced. Last night, (2/26/13) 10:30 PM. I clicked 'START' - Turn off computer & Turn off computer.. Then a window opened stating that -SKYPE.exe- is not responding. And the computer did NOT shut down. I then unplugged the power to the machine and when the battery ran down (about an hour) the machine shut down . Bob


You should exit Skype and other programs that are running before shutting down the computer. It may have been an isolated incident but in the future if a program is not responding it's best to call up the Task Manager (Ctrl-Alt-Del) and end task on the process which should then allow the shutdown to proceed.


----------



## Cookiegal (Aug 27, 2003)

Did you create this folder in your My Documents folder on February 22nd?

C:\Documents and Settings\Valued Customer\My Documents\*kjhygtre*

Do you know what this file is on your desktop? At first I thought it was GMER as that gets randomly name but the log shows a different file name:

C:\Documents and Settings\Valued Customer\Desktop\*fvors547.exe*


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [AVG Safe Search]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-122302908-1542226243-4210850061-1005\] > -> HKEY_USERS\S-1-5-21-122302908-1542226243-4210850061-1005\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{3D1F8CA7-9127-4E07-9D72-AC1704517844}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
YN -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup
YN -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk -> 
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-122302908-1542226243-4210850061-1005\] > -> HKEY_USERS\S-1-5-21-122302908-1542226243-4210850061-1005\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Value error.]
YN -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  Shortcut to TempWmicBatchFile.bat (2).lnk -> C:\Documents and Settings\Valued Customer\Desktop\Shortcut to TempWmicBatchFile.bat (2).lnk
NY ->  Shortcut to TempWmicBatchFile.bat.lnk -> C:\Documents and Settings\Valued Customer\Desktop\Shortcut to TempWmicBatchFile.bat.lnk
NY ->  30 C:\Documents and Settings\Valued Customer\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Valued Customer\Local Settings\Temp\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## Ditteaux (Feb 6, 2013)

Did you create this folder in your My Documents folder on February 22nd?

C:\Documents and Settings\Valued Customer\My Documents\kjhygtre ------------
Yes.. It consists of three photos that I took and edited on Picassa. 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Do you know what this file is on your desktop? At first I thought it was GMER as that gets randomly name but the log shows a different file name: 
C:\Documents and Settings\Valued Customer\Desktop\fvors547.exe -------

YES.. It is simply a DUPLICATE GMER that I made in ERROR......... Bob


----------



## Ditteaux (Feb 6, 2013)

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-122302908-1542226243-4210850061-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3D1F8CA7-9127-4E07-9D72-AC1704517844} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D1F8CA7-9127-4E07-9D72-AC1704517844}\ not found.
Registry value HKEY_USERS\S-1-5-21-122302908-1542226243-4210850061-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-122302908-1542226243-4210850061-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk moved successfully.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk not found.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk moved successfully.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry value HKEY_USERS\S-1-5-21-122302908-1542226243-4210850061-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\003352_.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Valued Customer\Desktop\Shortcut to TempWmicBatchFile.bat (2).lnk moved successfully.
C:\Documents and Settings\Valued Customer\Desktop\Shortcut to TempWmicBatchFile.bat.lnk moved successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\7zS3B.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\7zS4F.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\7zS54.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\7zS84.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\7zS939.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\AuthorScript.tmp\Untitled\Cache\CacheDataFiles folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\AuthorScript.tmp\Untitled\Cache folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\AuthorScript.tmp\Untitled folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\AuthorScript.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\bye32.tmp\Disk1\Readme folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\bye32.tmp\Disk1\Brand folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\bye32.tmp\Disk1 folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\bye32.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\bye3B.tmp\Disk1\Readme folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\bye3B.tmp\Disk1\Brand folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\bye3B.tmp\Disk1 folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\bye3B.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\fla4A.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\ICD1.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\ih8.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\is-V6JGV.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\isp1CE.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsa460.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsa6B.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsfA6.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsg462.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsn1BC.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsn6A.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsnDC9.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsq256.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsu1069.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsw45E.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\nsw588.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\pft130.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\pft1C2.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\pft237.tmp\ENGLISH folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\pft237.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\sv55l.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\svllb.tmp folder deleted successfully.
C:\Documents and Settings\Valued Customer\Local Settings\Temp\_TWAIN.TMP folder deleted successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43178574 bytes

User: Valued Customer
->Temp folder emptied: 72854 bytes
->Temporary Internet Files folder emptied: 16320162 bytes
->Java cache emptied: 87761 bytes
->Google Chrome cache emptied: 470658557 bytes
->Flash cache emptied: 6020 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 520 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 506.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Valued Customer
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Valued Customer
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02272013_213229

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## Ditteaux (Feb 6, 2013)

By the way, You suggested that my AVG antiviris might interfere when I used COS and it did.I got a trojan horse notification from AVG. It says, Quote: " Name: Trojan horse Generic30.AKBA" [ ---- and, Quote: ---] "Object name: c:\Documents and Settings\Valued Customer\Desktop\OTS.exe".... This notice from AVG continues to appear when I startup my machine.


----------



## Cookiegal (Aug 27, 2003)

You will have to either create an exception for it or just ignore it for now.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## Ditteaux (Feb 6, 2013)

OTL logfile created on: 2/28/2013 6:15:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.98% Memory free
3.84 Gb Paging File | 3.11 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 96.50 Gb Total Space | 56.71 Gb Free Space | 58.77% Space Free | Partition Type: NTFS
Drive D: | 14.27 Gb Total Space | 1.27 Gb Free Space | 8.88% Space Free | Partition Type: FAT32

Computer Name: YOUR-252739F5C3 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/28 18:09:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
PRC - [2013/02/23 17:58:51 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/21 00:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/02/18 20:04:15 | 013,105,848 | ---- | M] (The Weather Channel) -- C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 10:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/08/23 11:31:24 | 001,532,280 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2012/08/23 11:31:24 | 001,222,008 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/23 23:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/07 03:45:33 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e672eebe01bcdc81f24acdd8765711b7\System.ServiceModel.ni.dll
MOD - [2013/02/07 02:39:37 | 000,298,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\af69a1e077f076b755832b6fb68a7f56\Inkjet.Automation.ni.dll
MOD - [2013/02/07 02:39:28 | 000,095,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.DeviceSettin#\92a0f86c732436ac5c8ad60d7512a140\Inkjet.DeviceSettings.ni.dll
MOD - [2013/02/07 02:39:26 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\61f51299025899bc1c308e9457801cfe\Inkjet.Localization.ni.dll
MOD - [2013/02/07 02:39:22 | 000,302,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\12a4c3e35a3a53b29c3f69f0a12315f3\Inkjet.Utilities.ni.dll
MOD - [2013/02/07 02:39:20 | 000,161,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\010fbf16f39b67efb0d65d424f939b26\Interop.EKAiO2SDKLib.ni.dll
MOD - [2013/02/07 02:39:19 | 000,890,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\ba49cbf5b2dd5f8774e3640ebc2c16e2\Inkjet.Hardware.ni.dll
MOD - [2013/02/07 02:39:16 | 000,179,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\b330cef7fd6f098684a32fbbf78ef604\Inkjet.Statistics.ni.dll
MOD - [2013/02/07 02:39:10 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\6f9ff38703dc4d0c7c57d0f4fbac74be\Inkjet.Configuration.ni.dll
MOD - [2013/02/07 02:39:09 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\a351836800136dc17d5f5eaf74a10c19\Inkjet.Diagnostics.ni.dll
MOD - [2013/02/07 02:36:12 | 000,188,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\b2c96ad8c083f1e333e17c35631335a6\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/02/07 02:36:10 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5b96ee4992d9559ba5483c769bc5c889\UIAutomationTypes.ni.dll
MOD - [2013/02/07 02:36:09 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\55ab32987c35d3d1b2a39be3098aff33\UIAutomationProvider.ni.dll
MOD - [2013/02/07 02:33:08 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b7d0ec51d35b10a951709d67a006caff\System.Xml.Linq.ni.dll
MOD - [2013/02/07 02:33:05 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e4cd33f11a3ae490d3c22e0cd6fdf69b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/02/07 02:33:01 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\928c67f0b00a834db1bd2de4a9640612\SMDiagnostics.ni.dll
MOD - [2013/02/07 02:33:00 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9819e790d082ea005c53c88875947436\System.Runtime.Serialization.ni.dll
MOD - [2013/02/07 02:32:17 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\33e724f77b380c9d94a332cabc677b5c\System.Xaml.ni.dll
MOD - [2013/02/07 02:26:09 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\39b6ffaaaacb0ff06949f83e517d541f\System.Runtime.Remoting.ni.dll
MOD - [2013/02/07 02:25:55 | 001,878,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\fd694dbf57cb6bdae4ab50d1c6f4ee44\System.Deployment.ni.dll
MOD - [2013/02/07 00:19:54 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9a1df03a8c629fa4f2be9f969ccda31c\PresentationFramework.ni.dll
MOD - [2013/02/07 00:19:29 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\87ac01901b750ecb16434bc9bc968745\System.Windows.Forms.ni.dll
MOD - [2013/02/07 00:19:22 | 011,106,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\84cbb8949b4d11ad357d35613a6daa1d\PresentationCore.ni.dll
MOD - [2013/02/07 00:19:01 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\59ec1e9b2be38fb39651664f6c83fdfa\WindowsBase.ni.dll
MOD - [2013/02/07 00:18:54 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\678ced31fce4daeb68c6637b855d4cbc\System.Drawing.ni.dll
MOD - [2013/02/07 00:18:34 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\1f8dadfe1e6c9b7c30c6cf6a21639a1a\System.Core.ni.dll
MOD - [2013/02/07 00:18:29 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\8b52a990eb3a96c252b35deadcecbf6f\System.Xml.ni.dll
MOD - [2013/02/07 00:18:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\448d9a8df0c78ad37ee7d88ccd5071f6\System.Configuration.ni.dll
MOD - [2013/02/07 00:18:18 | 000,284,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5fb7081c1c8ab76cf111ed621c5ef88c\PresentationFramework.Classic.ni.dll
MOD - [2013/02/07 00:18:12 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\664e86bc2d437899285b328cfaae0e28\System.ni.dll
MOD - [2013/02/07 00:17:56 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/02 04:19:46 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/02 04:16:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2006/11/07 18:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2005/12/23 23:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/02/27 09:42:51 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/23 17:58:51 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/08/23 11:31:24 | 001,532,280 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/02/15 11:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Stopped] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/12/30 03:37:55 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 02:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 02:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 02:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 02:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/04 15:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/12/07 18:22:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 09:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 13:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/31 17:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/01 01:11:54 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/06 13:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/04 00:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2000/03/29 16:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 19 D8 BC 78 88 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Documents and Settings\Valued Customer\Desktop\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\UnfriendApp\Firefox\

[2012/01/01 15:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions
[2012/01/01 15:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/ig
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdjvu.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: Poppit = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: CanIStream.It = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nefjaladmbgpekhpikihnnchgbdfojpk\4_0\

O1 HOSTS File: ([2013/02/27 12:26:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [DW7] C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: S10 Autologin - C:\Program Files\S10 Password Vault\AutologinIE.htm File not found
O8 - Extra context menu item: S10 Autotype... - C:\Program Files\S10 Password Vault\AutotypeIE.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.11/uploader2.cab (UploadListView Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360213034431 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D87BB8-5C6E-4171-A518-8F4560DF8011}: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\My Documents\My Pictures\Picasa\Backgrounds\picasabackground-016.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/02/28 18:09:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2013/02/27 21:33:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/27 21:32:29 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/02/27 14:23:02 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTS.exe
[2013/02/24 18:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/24 14:07:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/24 14:04:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/24 14:04:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/24 14:04:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/24 14:04:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/24 14:02:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/24 14:02:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/24 13:54:48 | 005,036,023 | R--- | C] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\puppy.exe
[2013/02/23 17:59:19 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/23 17:59:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/23 17:59:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/23 17:59:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/22 13:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\My Documents\kjhygtre
[2013/02/22 08:57:52 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Valued Customer\Desktop\MGADiag.exe
[2013/02/22 08:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/02/19 15:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/02/19 15:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/02/19 15:33:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Valued Customer\Desktop\HijackThis.exe
[2013/02/18 13:19:45 | 011,004,488 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2013/02/12 22:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/02/12 05:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2013/02/07 00:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2013/02/07 00:03:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/02/07 00:03:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/02/06 23:31:28 | 000,000,000 | ---D | C] -- C:\MATS

========== Files - Modified Within 30 Days ==========

[2013/02/28 18:09:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2013/02/28 18:01:11 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/28 18:01:02 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005UA.job
[2013/02/28 17:49:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\cmsstorage.lst
[2013/02/28 17:49:24 | 000,000,078 | -H-- | M] () -- C:\cmsstorage.lst
[2013/02/28 17:45:39 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93569A66-A285-4B40-A523-6AAED93BF3BB}.job
[2013/02/28 17:42:44 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/28 05:01:06 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005Core.job
[2013/02/28 05:01:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/28 04:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/28 04:33:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/28 03:03:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/28 03:02:57 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/28 00:17:13 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/02/27 14:25:14 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTS.exe
[2013/02/27 12:26:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/27 12:17:36 | 005,036,023 | R--- | M] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\puppy.exe
[2013/02/27 09:42:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/27 09:42:49 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/26 12:36:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/24 14:07:24 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2013/02/24 12:34:45 | 000,594,019 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\AdwCleaner.exe
[2013/02/24 09:00:56 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/23 17:58:53 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/23 17:58:50 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/23 17:58:50 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/23 17:58:50 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/23 17:58:49 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/02/23 17:58:49 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/23 17:58:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/22 19:16:32 | 001,359,579 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\note pad file.CLP
[2013/02/22 19:15:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/22 09:36:38 | 001,359,579 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\tsg mda report.CLP
[2013/02/22 09:25:28 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\Shortcut (2) to 123456789.lnk
[2013/02/22 09:25:22 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\Shortcut to 123456789.lnk
[2013/02/22 09:17:58 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\clipbrd.exe.lnk
[2013/02/22 08:57:54 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Valued Customer\Desktop\MGADiag.exe
[2013/02/19 17:37:45 | 000,374,784 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\fvors547.exe
[2013/02/19 15:33:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Valued Customer\Desktop\HijackThis.exe
[2013/02/18 20:04:16 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel App.lnk
[2013/02/18 13:20:08 | 011,004,488 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2013/02/14 16:54:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2013/02/14 02:37:53 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 20:18:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/13 20:15:32 | 000,569,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 20:15:32 | 000,113,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/12 22:16:40 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/09 14:08:26 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/09 13:33:37 | 000,000,483 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\Shortcut to CLIPSRV.EX_.lnk
[2013/02/02 17:27:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/02/01 02:15:02 | 000,000,460 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\burnaware.ini

========== Files Created - No Company Name ==========

[2013/02/27 21:37:35 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/02/24 14:07:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/02/24 14:07:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/24 14:04:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/24 14:04:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/24 14:04:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/24 14:04:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/24 14:04:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/24 12:34:43 | 000,594,019 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\AdwCleaner.exe
[2013/02/22 19:16:32 | 001,359,579 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\note pad file.CLP
[2013/02/22 09:36:38 | 001,359,579 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\tsg mda report.CLP
[2013/02/22 09:25:28 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\Shortcut (2) to 123456789.lnk
[2013/02/22 09:25:22 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\Shortcut to 123456789.lnk
[2013/02/22 09:15:16 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\clipbrd.exe.lnk
[2013/02/19 17:37:43 | 000,374,784 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\fvors547.exe
[2013/02/09 13:33:37 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\Shortcut to CLIPSRV.EX_.lnk
[2013/02/07 00:02:23 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/01/26 17:35:38 | 000,300,784 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-122302908-1542226243-4210850061-1005-0.dat
[2013/01/24 21:48:40 | 000,235,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/01 09:50:54 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\burnaware.ini
[2012/08/21 09:03:56 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/25 15:37:22 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\dt.dat
[2012/02/16 13:25:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/26 03:39:44 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/13 23:02:05 | 000,006,604 | ---- | C] () -- C:\Documents and Settings\All Users\lxdd
[2009/12/19 11:55:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/01/19 21:42:36 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/20 12:08:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\wklnhst.dat
[2007/12/17 16:12:45 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/29 12:39:27 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/03/28 07:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >


----------



## Ditteaux (Feb 6, 2013)

OTL Extras logfile created on: 2/28/2013 6:15:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.98% Memory free
3.84 Gb Paging File | 3.11 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 96.50 Gb Total Space | 56.71 Gb Free Space | 58.77% Space Free | Partition Type: NTFS
Drive D: | 14.27 Gb Total Space | 1.27 Gb Free Space | 8.88% Space Free | Partition Type: FAT32

Computer Name: YOUR-252739F5C3 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*isabledxpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*isabledxpsp2res.dll,-22009
"5353:UDP" = 5353:UDP:*isabled:Bonjour Port 5353
"94:TCP" = 94:TCP:*isabled:VRS Recording System Web Control Panel
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe" = C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\Valued Customer\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Valued Customer\Application Data\mjusbsp\magicJack.exe:*isabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Messenger\Msmsgs.exe" = C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabledersonal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*isabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*isabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*isabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C023FB-E7F6-4415-ACEF-82372B8A05A8}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" = 
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A44413DC-17D5-4F0B-A128-8B590B20323C}" = Windows Messenger 5.1
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"AVG PC TuneUp" = AVG PC TuneUp
"Camera Driver_is1" = Camera Driver
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DjVu" = Lizardtech DjVu Control (autoinstall)
"DriverAgent.exe" = DriverAgent by TouchStone Software
"ESET Online Scanner" = ESET Online Scanner v3
"getPlus(R)_ocx" = getPlus(R)_ocx
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Media Manager 1.5" = Microsoft Media Manager 1.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"The Weather Channel App" = The Weather Channel App
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2013 6:37:10 PM | Computer Name = YOUR-252739F5C3 | Source = Application Hang | ID = 1002
Description = Hanging application tn3bqupj.exe, version 2.1.18952.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2013 11:57:34 PM | Computer Name = YOUR-252739F5C3 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 twcapp.exe, P2 7.5.2.0, P3 50a4f142, P4 twcapp,
P5 7.5.2.0, P6 50a4f142, P7 34e, P8 0, P9 system.nullreferenceexception, P10 NIL.

Error - 2/22/2013 11:57:44 PM | Computer Name = YOUR-252739F5C3 | Source = .NET Runtime | ID = 1026
Description =

Error - 2/26/2013 8:01:35 AM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 2/26/2013 8:12:25 AM | Computer Name = YOUR-252739F5C3 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shstgeu.dll, version 1.5.0.715, fault address 0x00029916.

Error - 2/26/2013 1:55:35 PM | Computer Name = YOUR-252739F5C3 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shstgeu.dll, version 1.5.0.715, fault address 0x00029916.

Error - 2/27/2013 8:01:23 PM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 2/28/2013 1:01:04 AM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 2/28/2013 6:44:02 PM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 2/28/2013 7:01:02 PM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

[ System Events ]
Error - 2/27/2013 10:37:59 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The lxdd_device service failed to start due to the following error:
%%2

Error - 2/27/2013 10:37:59 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2001

Error - 2/28/2013 4:04:49 AM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/28/2013 4:04:49 AM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Cron Service for Prey
service to connect.

Error - 2/28/2013 4:04:49 AM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The Cron Service for Prey service failed to start due to the following
error: %%1053

Error - 2/28/2013 4:04:49 AM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/28/2013 4:04:49 AM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 2/28/2013 4:04:49 AM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The lxdd_device service failed to start due to the following error:
%%2

Error - 2/28/2013 4:04:49 AM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2001

Error - 2/28/2013 6:42:13 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the TuneUp.UtilitiesSvc service.

< End of report >


----------



## Cookiegal (Aug 27, 2003)

How are things with the system now?


----------



## Ditteaux (Feb 6, 2013)

I've been surfing for hours. I have had 8 tabs opened at once. I have found 'ZERO' problems. Not a stutter or shake anywhere. The speed is excelent. - (22ms Ping - 14.5 Mbps DLD - .95 Mbps Upld) That's as good as it ever was. More later - Dr's appt. today.. Bob


----------



## Cookiegal (Aug 27, 2003)

Did you delete this file?

C:\WINDOWS\System32\TempWmicBatchFile.bat

Because if you did then it looks like it got recreated.


----------



## Ditteaux (Feb 6, 2013)

Hello, NO I did not delete - C:\WINDOWS\System32\TempWmicBatchFile.bat - BUT when I searched - Local Disk (C for it I found 4 files where there once was 1. They are: 1. TempWmicBatchFile.bat... 2. TempWmicBatchFile.bat.vir in folder - C:\Qoobox\Quarantine\C:\WINDOWS\system32 3. Shortcut to TempWmicBatchFile.bat (2) - In folder C:\OTS\MovedFiles\02272013_213229\C_Documents and Settings\Valued Customer\Desktop and 4. - Shortcut to TempWicBatchFile.bat - in the same folder as '#3'


----------



## Cookiegal (Aug 27, 2003)

OK, I deleted it with ComboFix but it got recreated. It appears it's releated to Cron Service for Prey. Can you tell me what Prey is?


----------



## Ditteaux (Feb 6, 2013)

Prey is software that allows you access to your computer if it is stolen. (See PREY.com)

Basically you install a tiny agent in your PC or phone, which silently waits for a remote signal to wake up and work its magic.
This signal is sent either from the Internet orthrough an SMS message, and allows you to gather information regarding the device's location, hardware and network status, and optionally trigger specific actions on it


----------



## Ditteaux (Feb 6, 2013)

*00% geolocation aware*

Prey uses either the device's GPS or the nearest WiFi hotspots to triangulate and grab a fix on its location. It's _shockingly_ accurate.








*Wifi autoconnect*

If enabled, Prey will attempt to hook onto to the nearest open WiFi hotspot when no Internet connection is found.








*Light as a feather*

Prey has very few dependencies and doesn't even leave a memory footprint until activated. We care as much as you do.








*Know your enemy*

Take a picture of the thief with your laptop's webcam so you know what he looks like and where he's hiding. Powerful evidence.








*Watch their movements*

Grab a screenshot of the active session -- if you're lucky you may catch the guy logged into his email or Facebook account!








*Keep your data safe*

Hide your Outlook or Thunderbird data and optionally remove your stored passwords, so no one will be able to look into your stuff.








*No unauthorized access*

Fully lock down your PC, making it unusable unless a specific password is entered. The guy won't be able to do a thing!








*Scan your hardware*

Get a complete list of your PC's CPU, motherboard, RAM, and BIOS information. Works great when used with Active Mode.








*Full auto updater*

Prey can check its current version and automagically fetch and update itself, so you don't need to manually reinstall each time


----------



## Ditteaux (Feb 6, 2013)

More about PREY:
Besides gathering information, you can also trigger actions remotely such as sounding a loud alarm or showing a message which will appear onscreen - just in case you want the guy to know he's being chased at.
You can also wipe your stored passwords for security, or even lock down your PC to prevent access. In other words, you're in control.


----------



## Ditteaux (Feb 6, 2013)

If it's causing problems, I can get by without it... Bob


----------



## Cookiegal (Aug 27, 2003)

I'd ask if you wouldn't mind using the default font black colour as I have trouble reading the pale font. 

It's not causing any trouble but that explains why it creates that .bat file which I thought was suspicious. It's to find out who is logged into the computer. That makes sense if it's stolen.

Are there any other problems with the computer?


----------



## Ditteaux (Feb 6, 2013)

I have not found any other problems with the computer... Bob


----------



## Cookiegal (Aug 27, 2003)

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging into to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).










Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## Ditteaux (Feb 6, 2013)

Hello, I have followed your final instructions. It's been two days now and I have NOT found any problems. I would like to tinker around for a few more days just to be sure things are up to snuff.. B


----------



## etaf (Oct 2, 2003)

hi, 
we have been informed that *Cookiegal* telephone line is now down and they say that it may take upto three days before *Cookiegal* will be back online - sorry for any inconvenience

Wayne
ETAF


----------



## Cookiegal (Aug 27, 2003)

Thankfully the service was restored sooner than ancitipcated. 

By all means, please run it for a few days and let me know if there are any problems. The thread will remain open for 45 days after the last reply (they close automatically after 45 days of inactivity).


----------



## Ditteaux (Feb 6, 2013)

Glad your back. There is NO sign of the -IMINENT- infection that plagued me for 2 months. Thank you so much. I will keep in touch for a while to make sure things are running right. .. Then I get to -MARK IT SOLVED- Bob


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## Ditteaux (Feb 6, 2013)

Sunday 3/10/2013 - Still NO PROBLEMS


----------



## Cookiegal (Aug 27, 2003)

Wonderful. :up:


----------



## Ditteaux (Feb 6, 2013)

Thursday March 21, I'm certain there are NO problems with my computer. Thank you sooo much. I will be making a donation after the first of the month (payday). Bob


----------



## Cookiegal (Aug 27, 2003)

Ditteaux said:


> Thursday March 21, I'm certain there are NO problems with my computer. Thank you sooo much. I will be making a donation after the first of the month (payday). Bob


It's my pleasure and thank you for the donation. We appreciate the support very much.


----------



## Ditteaux (Feb 6, 2013)

Hello, and I'm sorry to say but 'Iminent' is back. When I booted up, my Chrome homepage with Google search opened and another tab appeared (top left) labeled "Iminent search" A couple months ago when iminent first appeared, the tab and background was pink. Now it's white. I have not clicked it. I thought we had buried it... Bob


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## Ditteaux (Feb 6, 2013)

After my last post, (April 1 ), I turned the computer off. Next day it started as usual for a minute then froze on the " - loading your personal settings-" page. I unplugged the power and let it sit for a day and the battery went dead after a couple hours. Then it (I guess) reset itself like it always does. When I started up today, I used SAFE MODE. I tried using Systeme Restore on three different restore points that were set up following your instructions from about month ago. I got the message "[-- Restore Incomplete --. No changes have been made to your computer ]" I'm running in safe mode now, I think. Do you want me to scan and post in safe mode, or turn it off and try to restart again and then, if it starts up, scan and post ?... Bob.


----------



## Cookiegal (Aug 27, 2003)

Try rebooting to see if it goes to Windows normally and then do the scan. If not, run the scan in safe mode.


----------



## Ditteaux (Feb 6, 2013)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Valued Customer at 12:38:34 on 2013-04-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1328 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Prey\platform\windows\cronsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: S10 Autologin - c:\program files\s10 password vault\AutologinIE.htm
IE: S10 Autotype... - c:\program files\s10 password vault\AutotypeIE.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.11/uploader2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360213034431
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{03D87BB8-5C6E-4171-A518-8F4560DF8011} : DHCPNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 182072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-2-19 282624]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-1-27 54760]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-19 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 MMIndexer;Media Manager Indexer;c:\program files\common files\microsoft shared\media manager\AIRSVCU.EXE [1997-7-15 136704]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-2-27 4937264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b3e1d16862e4;Google Update Service (gupdate1c9b3e1d16862e4);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-24 30576]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-21 13024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-04-05 16:09:22 -------- dc-h--w- c:\windows\ie8
2013-03-25 20:39:46 4546560 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-20 21:07:28 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 21:07:28 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-03-13 04:43:10 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-11 20:49:43 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid
2013-03-11 20:49:27 -------- d-----w- c:\program files\Coupons
2013-03-09 22:22:31 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-04-05 16:36:08 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-03-13 04:43:23 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 04:43:21 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-09 22:21:52 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-09 22:21:44 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-09 22:21:44 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-01 14:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 03:40:46 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-18 18:20:08 11004488 ----a-w- c:\program files\common files\lpuninstall.exe
2013-02-14 07:52:46 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 08:37:56 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 08:37:52 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 08:37:44 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 08:37:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:38:57.17 ===============


----------



## Ditteaux (Feb 6, 2013)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/29/2006 1:38:23 PM
System Uptime: 4/5/2013 12:14:06 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30A8
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U1 | 1828/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 96 GiB total, 55.031 GiB free.
D: is FIXED (FAT32) - 14 GiB total, 1.268 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\15FB4084683F0200
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\15FB4084683F0200
Service: NIC1394
.
Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
Manufacturer: 
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
Service: 
.
==== System Restore Points ===================
.
RP1: 3/3/2013 3:03:46 PM - System Checkpoint
RP2: 3/3/2013 3:08:46 PM - Post iminent with Techsupportguy-3/3/2013
RP3: 3/3/2013 11:17:17 PM - post tsg
RP4: 3/5/2013 10:25:11 PM - System Checkpoint
RP5: 3/6/2013 11:47:54 PM - System Checkpoint
RP6: 3/7/2013 1:51:40 AM - Removed Skype™ 6.1
RP7: 3/8/2013 3:53:58 PM - System Checkpoint
RP8: 3/9/2013 5:21:04 PM - Removed Java 7 Update 15
RP9: 3/9/2013 5:21:33 PM - Installed Java 7 Update 17
RP10: 3/10/2013 9:10:39 PM - System Checkpoint
RP11: 3/11/2013 9:35:31 PM - Removed Skype™ 6.2
RP12: 3/11/2013 9:37:44 PM - Removed Skype Click to Call
RP13: 3/11/2013 9:38:36 PM - Installed Skype™ 6.1
RP14: 3/13/2013 1:29:32 AM - Software Distribution Service 3.0
RP15: 3/18/2013 7:26:58 AM - System Checkpoint
RP16: 3/19/2013 1:52:35 PM - System Checkpoint
RP17: 3/20/2013 2:41:31 PM - System Checkpoint
RP18: 3/20/2013 8:01:02 PM - Software Distribution Service 3.0
RP19: 3/21/2013 9:06:11 PM - System Checkpoint
RP20: 3/23/2013 11:52:23 AM - System Checkpoint
RP21: 3/25/2013 10:09:59 PM - System Checkpoint
RP22: 3/26/2013 10:37:25 PM - System Checkpoint
RP23: 3/27/2013 1:00:20 PM - Software Distribution Service 3.0
RP24: 3/27/2013 9:41:09 PM - Installed AVG 2013
RP25: 3/27/2013 9:41:27 PM - Removed AVG 2013
RP26: 3/27/2013 9:42:29 PM - Installed AVG 2013
RP27: 3/27/2013 9:46:27 PM - Removed AVG 2013
RP28: 3/28/2013 1:00:20 PM - Software Distribution Service 3.0
RP29: 3/29/2013 1:27:15 PM - System Checkpoint
RP30: 3/30/2013 2:19:30 PM - System Checkpoint
RP31: 3/31/2013 3:43:24 PM - System Checkpoint
RP32: 4/1/2013 5:44:52 PM - System Checkpoint
RP33: 4/2/2013 6:24:15 PM - System Checkpoint
RP34: 4/4/2013 11:42:16 AM - Restore Operation
RP35: 4/4/2013 11:49:14 AM - Restore Operation
RP36: 4/4/2013 11:55:45 AM - Restore Operation
RP37: 4/4/2013 12:03:24 PM - Restore Operation
RP38: 4/5/2013 12:09:46 PM - Installed Windows Internet Explorer 8.
RP39: 4/5/2013 12:10:37 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6)
aioscnnr
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
C4USelfUpdater
Camera Driver
center
Conexant HD Audio
Coupon Printer for Windows
Document Express DjVu Plug-in
DriverAgent by TouchStone Software
ESET Online Scanner v3
essentials
FinePixViewer Ver.4.2
FUJIFILM USB Driver
getPlus(R)_ocx
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
HP Help and Support
HP Product Detection
HP Update
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Kodak AIO Printer
KODAK AiO Software
LightScribe 1.4.105.1
Lizardtech DjVu Control (autoinstall)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft IntelliPoint 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft Media Manager 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MicroStaff WINASPI
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
ocr
Office 2003 Trial Assistant
Picasa 3
PreReq
Samsung USB Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2809289)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Segoe UI
Shipping Assistant 3.6
Skype™ 6.1
SonicAC3Encoder
SonicMPEGEncoder
swMSM
The Weather Channel App
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Vongo
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1
Windows Presentation Foundation
Windows XP Service Pack 3
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/4/2013 11:49:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
4/4/2013 11:49:06 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/4/2013 11:49:05 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/4/2013 11:49:01 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
4/4/2013 11:25:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
4/4/2013 11:25:16 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 11:25:16 AM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2013 11:25:16 AM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2013 11:25:16 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 11:25:16 AM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 11:25:16 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 11:25:16 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 11:25:16 AM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
4/4/2013 11:24:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/4/2013 11:24:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/2/2013 5:21:15 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The specified driver is invalid.
4/2/2013 5:21:15 AM, error: Service Control Manager [7000] - The lxdd_device service failed to start due to the following error: The system cannot find the file specified.
4/2/2013 5:21:15 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
4/1/2013 7:18:08 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/31/2013 9:02:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/31/2013 9:02:39 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


----------



## Ditteaux (Feb 6, 2013)

Hello,
I rebooted and windows started in "NORMAL" mode.


----------



## Cookiegal (Aug 27, 2003)

Please uninstall these older versions of Java.

Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## Ditteaux (Feb 6, 2013)

OTL Extras logfile created on: 4/5/2013 7:47:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.71% Memory free
3.84 Gb Paging File | 3.12 Gb Available in Paging File | 81.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 96.50 Gb Total Space | 55.10 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
Drive D: | 14.27 Gb Total Space | 1.27 Gb Free Space | 8.88% Space Free | Partition Type: FAT32

Computer Name: YOUR-252739F5C3 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*isabledxpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*isabledxpsp2res.dll,-22009
"5353:UDP" = 5353:UDP:*isabled:Bonjour Port 5353
"94:TCP" = 94:TCP:*isabled:VRS Recording System Web Control Panel
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5985:TCP" = 5985:TCP:*isabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe" = C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\Valued Customer\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Valued Customer\Application Data\mjusbsp\magicJack.exe:*isabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Messenger\Msmsgs.exe" = C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*isabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*isabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*isabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabledersonal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C023FB-E7F6-4415-ACEF-82372B8A05A8}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" = 
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A44413DC-17D5-4F0B-A128-8B590B20323C}" = Windows Messenger 5.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"AVG PC TuneUp" = AVG PC TuneUp
"Camera Driver_is1" = Camera Driver
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"DjVu" = Lizardtech DjVu Control (autoinstall)
"DriverAgent.exe" = DriverAgent by TouchStone Software
"ESET Online Scanner" = ESET Online Scanner v3
"getPlus(R)_ocx" = getPlus(R)_ocx
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Media Manager 1.5" = Microsoft Media Manager 1.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"The Weather Channel App" = The Weather Channel App
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2013 12:03:10 PM | Computer Name = YOUR-252739F5C3 | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application
Details:
The
content index cannot be read. (0xc0041800)

Error - 4/4/2013 1:01:52 PM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 4/4/2013 6:01:04 PM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 4/4/2013 11:01:03 PM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 4/5/2013 4:01:02 AM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 4/5/2013 9:01:04 AM | Computer Name = YOUR-252739F5C3 | Source = MsiInstaller | ID = 11714
Description = Product: Google Talk Plugin -- Error 1714. The older version of Google
Talk Plugin cannot be removed. Contact your technical support group. System Error
1612.

Error - 4/5/2013 11:58:19 AM | Computer Name = YOUR-252739F5C3 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/5/2013 11:58:19 AM | Computer Name = YOUR-252739F5C3 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/5/2013 11:58:19 AM | Computer Name = YOUR-252739F5C3 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/5/2013 11:58:19 AM | Computer Name = YOUR-252739F5C3 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 4/5/2013 12:16:27 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2001

Error - 4/5/2013 12:17:42 PM | Computer Name = YOUR-252739F5C3 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 4/5/2013 1:04:35 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/5/2013 1:04:35 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/5/2013 1:04:35 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The lxdd_device service failed to start due to the following error:
%%2

Error - 4/5/2013 1:04:35 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2001

Error - 4/5/2013 7:31:05 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/5/2013 7:31:05 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/5/2013 7:31:05 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The lxdd_device service failed to start due to the following error:
%%2

Error - 4/5/2013 7:31:05 PM | Computer Name = YOUR-252739F5C3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2001

< End of report >

OTL logfile created on: 4/5/2013 7:47:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.71% Memory free
3.84 Gb Paging File | 3.12 Gb Available in Paging File | 81.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 96.50 Gb Total Space | 55.10 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
Drive D: | 14.27 Gb Total Space | 1.27 Gb Free Space | 8.88% Space Free | Partition Type: FAT32

Computer Name: YOUR-252739F5C3 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/05 19:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/03/09 18:22:02 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/18 21:04:15 | 013,105,848 | ---- | M] (The Weather Channel) -- C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/08/23 12:31:24 | 001,532,280 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2012/08/23 12:31:24 | 001,222,008 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/24 00:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/13 21:16:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/07 04:45:33 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e672eebe01bcdc81f24acdd8765711b7\System.ServiceModel.ni.dll
MOD - [2013/02/07 03:39:37 | 000,298,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\af69a1e077f076b755832b6fb68a7f56\Inkjet.Automation.ni.dll
MOD - [2013/02/07 03:39:28 | 000,095,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.DeviceSettin#\92a0f86c732436ac5c8ad60d7512a140\Inkjet.DeviceSettings.ni.dll
MOD - [2013/02/07 03:39:26 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\61f51299025899bc1c308e9457801cfe\Inkjet.Localization.ni.dll
MOD - [2013/02/07 03:39:22 | 000,302,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\12a4c3e35a3a53b29c3f69f0a12315f3\Inkjet.Utilities.ni.dll
MOD - [2013/02/07 03:39:20 | 000,161,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\010fbf16f39b67efb0d65d424f939b26\Interop.EKAiO2SDKLib.ni.dll
MOD - [2013/02/07 03:39:19 | 000,890,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\ba49cbf5b2dd5f8774e3640ebc2c16e2\Inkjet.Hardware.ni.dll
MOD - [2013/02/07 03:39:16 | 000,179,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\b330cef7fd6f098684a32fbbf78ef604\Inkjet.Statistics.ni.dll
MOD - [2013/02/07 03:39:10 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\6f9ff38703dc4d0c7c57d0f4fbac74be\Inkjet.Configuration.ni.dll
MOD - [2013/02/07 03:39:09 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\a351836800136dc17d5f5eaf74a10c19\Inkjet.Diagnostics.ni.dll
MOD - [2013/02/07 03:36:12 | 000,188,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\b2c96ad8c083f1e333e17c35631335a6\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/02/07 03:36:10 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5b96ee4992d9559ba5483c769bc5c889\UIAutomationTypes.ni.dll
MOD - [2013/02/07 03:36:09 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\55ab32987c35d3d1b2a39be3098aff33\UIAutomationProvider.ni.dll
MOD - [2013/02/07 03:33:08 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b7d0ec51d35b10a951709d67a006caff\System.Xml.Linq.ni.dll
MOD - [2013/02/07 03:33:05 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e4cd33f11a3ae490d3c22e0cd6fdf69b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/02/07 03:33:01 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\928c67f0b00a834db1bd2de4a9640612\SMDiagnostics.ni.dll
MOD - [2013/02/07 03:33:00 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9819e790d082ea005c53c88875947436\System.Runtime.Serialization.ni.dll
MOD - [2013/02/07 03:32:17 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\33e724f77b380c9d94a332cabc677b5c\System.Xaml.ni.dll
MOD - [2013/02/07 03:26:09 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\39b6ffaaaacb0ff06949f83e517d541f\System.Runtime.Remoting.ni.dll
MOD - [2013/02/07 03:25:55 | 001,878,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\fd694dbf57cb6bdae4ab50d1c6f4ee44\System.Deployment.ni.dll
MOD - [2013/02/07 01:19:54 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9a1df03a8c629fa4f2be9f969ccda31c\PresentationFramework.ni.dll
MOD - [2013/02/07 01:19:29 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\87ac01901b750ecb16434bc9bc968745\System.Windows.Forms.ni.dll
MOD - [2013/02/07 01:19:22 | 011,106,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\84cbb8949b4d11ad357d35613a6daa1d\PresentationCore.ni.dll
MOD - [2013/02/07 01:19:01 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\59ec1e9b2be38fb39651664f6c83fdfa\WindowsBase.ni.dll
MOD - [2013/02/07 01:18:54 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\678ced31fce4daeb68c6637b855d4cbc\System.Drawing.ni.dll
MOD - [2013/02/07 01:18:34 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\1f8dadfe1e6c9b7c30c6cf6a21639a1a\System.Core.ni.dll
MOD - [2013/02/07 01:18:29 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\8b52a990eb3a96c252b35deadcecbf6f\System.Xml.ni.dll
MOD - [2013/02/07 01:18:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\448d9a8df0c78ad37ee7d88ccd5071f6\System.Configuration.ni.dll
MOD - [2013/02/07 01:18:18 | 000,284,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5fb7081c1c8ab76cf111ed621c5ef88c\PresentationFramework.Classic.ni.dll
MOD - [2013/02/07 01:18:12 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\664e86bc2d437899285b328cfaae0e28\System.ni.dll
MOD - [2013/02/07 01:17:56 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2013/02/07 01:06:34 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/02/07 01:06:10 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/02 05:19:46 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/02 05:16:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2006/11/07 19:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2005/12/24 00:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/03/13 00:43:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/09 18:22:02 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/08/23 12:31:24 | 001,532,280 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/12/30 04:37:55 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/07/04 16:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/12/07 19:22:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/31 18:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/01 02:11:54 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/06 14:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/03/14 14:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 07:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/19 16:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 16:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 16:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 11:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 11:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 11:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/04 01:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 19 D8 BC 78 88 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Documents and Settings\Valued Customer\Desktop\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\UnfriendApp\Firefox\

[2012/01/01 16:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions
[2012/01/01 16:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

O1 HOSTS File: ([2013/02/27 13:26:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKCU..\Run: [DW7] C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: S10 Autologin - C:\Program Files\S10 Password Vault\AutologinIE.htm File not found
O8 - Extra context menu item: S10 Autotype... - C:\Program Files\S10 Password Vault\AutotypeIE.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.11/uploader2.cab (UploadListView Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360213034431 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D87BB8-5C6E-4171-A518-8F4560DF8011}: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\My Documents\My Pictures\Picasa\Backgrounds\picasabackground-016.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/04/05 19:44:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2013/04/05 12:36:39 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\dds.4.5.13.scr
[2013/04/05 12:09:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/04/04 15:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/04 11:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/04/04 11:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/04 11:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/04/04 11:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2013/03/25 16:39:46 | 004,546,560 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2013/03/20 17:07:28 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/20 17:07:28 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/13 00:43:10 | 015,859,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/11 16:49:43 | 000,465,280 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/03/11 16:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2013/03/09 18:22:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/09 18:22:31 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/09 18:22:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/09 18:22:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/18 14:19:45 | 011,004,488 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/04/05 19:50:44 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/05 19:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2013/04/05 19:42:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/05 19:37:57 | 000,000,078 | -H-- | M] () -- C:\cmsstorage.lst
[2013/04/05 19:37:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\cmsstorage.lst
[2013/04/05 19:33:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/05 19:32:43 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93569A66-A285-4B40-A523-6AAED93BF3BB}.job
[2013/04/05 19:29:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/05 19:29:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/05 19:29:17 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 13:01:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005UA.job
[2013/04/05 13:00:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/05 12:36:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\dds.4.5.13.scr
[2013/04/05 12:15:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 05:01:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005Core.job
[2013/04/04 16:54:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2013/04/04 15:49:29 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/04/04 11:23:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/31 00:35:14 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/27 00:36:26 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/25 16:39:46 | 004,546,560 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2013/03/13 00:43:23 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/13 00:43:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/13 00:43:12 | 015,859,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/11 21:38:44 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/11 16:49:46 | 000,465,280 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/03/11 12:00:29 | 000,569,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 12:00:29 | 000,113,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/09 18:22:16 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/09 18:21:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/09 18:21:54 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/09 18:21:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/09 18:21:52 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/09 18:21:44 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/03/09 18:21:44 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/07 03:17:24 | 000,000,000 | ---- | M] () -- C:\Cookies
[2013/03/07 02:36:34 | 000,041,763 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\robert.ralston8.vcf

========== Files Created - No Company Name ==========

[2013/04/05 12:15:00 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 12:15:00 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Start Menu\Programs\Internet Explorer.lnk
[2013/04/04 11:40:03 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/27 00:36:26 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/11 21:38:44 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/07 03:17:24 | 000,000,000 | ---- | C] () -- C:\Cookies
[2013/03/07 02:36:34 | 000,041,763 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\robert.ralston8.vcf
[2013/01/26 18:35:38 | 000,536,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-122302908-1542226243-4210850061-1005-0.dat
[2013/01/24 22:48:40 | 000,235,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/01 10:50:54 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\burnaware.ini
[2012/08/21 10:03:56 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/25 16:37:22 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\dt.dat
[2012/02/16 14:25:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/26 04:39:44 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/14 00:02:05 | 000,006,604 | ---- | C] () -- C:\Documents and Settings\All Users\lxdd
[2009/12/19 12:55:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/01/19 22:42:36 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/20 13:08:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\wklnhst.dat
[2007/12/17 17:12:45 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/29 13:39:27 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/03/28 08:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add or Remove Programs and remove this:

*InstallIQ Updater*

Can you tell me about this folder?

C:\Documents and Settings\All Users\lxdd

Did you create it or do you know what it is? If not, please look inside and tell me the names of the files it contains.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={sear...e=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 19 D8 BC 78 88 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Documents and Settings\Valued Customer\Desktop\Picasa2\npPicasa2.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\UnfriendApp\Firefox\
O8 - Extra context menu item: S10 Autologin - C:\Program Files\S10 Password Vault\AutologinIE.htm File not found
O8 - Extra context menu item: S10 Autotype... - C:\Program Files\S10 Password Vault\AutotypeIE.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## Ditteaux (Feb 6, 2013)

C:\Documents and Settings\All Users\lxdd - Is a Txt document, Opens with Notepad, created 2008, Modified 12/6/2010
23.5 KB (23,096bytes) AND contains the following: (I don't know what it is or where it came from)
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

2008/10/21-16:45:55.625 ComClient LcsGetCurrentStateHid() exception=10093
2008/10/21-16:46:55.593 ComClient LcsGetCurrentStateHid() exception=10093
2008/10/21-16:47:55.593 ComClient LcsGetCurrentStateHid() exception=10093
2008/10/21-16:48:55.593 ComClient LcsGetCurrentStateHid() exception=10093
2009/09/17-14:47:25.171 ComClient LcsGetCurrentStateHid() exception=10106
ComClient LcsGetClientId() exception=10107
ComClient LcsGetClientId() exception=10107
ComClient LcsGetClientId() exception=10107
2010/10/13-04:41:39.890 ComClient LcsEnumWindowsHids() exception=10054
2010/10/13-04:41:51.406 ComClient LcsGetClientId() exception=10061
2010/10/13-04:41:57.421 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:03.328 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:09.234 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:15.140 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:21.156 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:27.171 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:33.078 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:39.203 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:45.328 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:51.453 ComClient LcsGetClientId() exception=10061
2010/10/13-04:42:57.578 ComClient LcsGetClientId() exception=10061
2010/10/13-04:43:03.703 ComClient LcsGetClientId() exception=10061
2010/10/13-04:43:09.828 ComClient LcsGetClientId() exception=10061
2010/10/13-04:43:15.734 ComClient LcsGetClientId() exception=10061
2010/10/13-04:43:21.640 ComClient LcsGetClientId() exception=10061
2010/10/13-04:43:27.656 ComClient LcsGetClientId() exception=10061
2010/10/13-04:43:33.671 ComClient LcsGetClientId() exception=10061
2010/10/13-04:43:39.578 ComClient LcsGetClientId() exception=10061
2010/10/13-04:43:45.484 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:01.562 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:07.578 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:13.703 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:19.828 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:25.953 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:32.078 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:38.203 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:44.328 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:50.343 ComClient LcsGetClientId() exception=10061
2010/10/13-04:44:56.468 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:02.375 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:08.281 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:14.187 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:20.093 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:26.109 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:32.015 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:37.921 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:43.828 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:49.953 ComClient LcsGetClientId() exception=10061
2010/10/13-04:45:56.078 ComClient LcsGetClientId() exception=10061
2010/10/13-04:46:02.203 ComClient LcsGetClientId() exception=10061
2010/10/13-04:46:18.281 ComClient LcsGetClientId() exception=10061
2010/10/13-04:46:24.625 ComClient LcsGetClientId() exception=10061
2010/10/13-04:46:30.640 ComClient LcsGetClientId() exception=10061
2010/10/13-04:46:36.875 ComClient LcsGetClientId() exception=10061
2010/10/13-04:46:42.890 ComClient LcsGetClientId() exception=10061
2010/10/13-04:46:48.906 ComClient LcsGetClientId() exception=10061
2010/10/13-04:46:54.921 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:00.937 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:06.953 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:12.968 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:18.875 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:24.890 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:31.015 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:37.250 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:43.375 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:49.718 ComClient LcsGetClientId() exception=10061
2010/10/13-04:47:55.625 ComClient LcsGetClientId() exception=10061
2010/10/13-04:48:01.640 ComClient LcsGetClientId() exception=10061
2010/10/13-04:48:07.875 ComClient LcsGetClientId() exception=10061
2010/10/13-04:48:14.218 ComClient LcsGetClientId() exception=10061
2010/10/13-04:48:20.234 ComClient LcsGetClientId() exception=10061
2010/10/13-04:48:36.312 ComClient LcsGetClientId() exception=10061
2010/10/13-04:48:42.328 ComClient LcsGetClientId() exception=10061
2010/10/13-04:48:48.453 ComClient LcsGetClientId() exception=10061
2010/10/13-04:48:54.468 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:00.703 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:06.828 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:13.171 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:19.296 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:25.531 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:31.875 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:38.109 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:44.343 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:50.468 ComClient LcsGetClientId() exception=10061
2010/10/13-04:49:56.484 ComClient LcsGetClientId() exception=10061
2010/10/13-04:50:02.609 ComClient LcsGetClientId() exception=10061
2010/10/13-04:50:08.625 ComClient LcsGetClientId() exception=10061
2010/10/13-04:50:14.640 ComClient LcsGetClientId() exception=10061
2010/10/13-04:50:20.765 ComClient LcsGetClientId() exception=10061
2010/10/13-04:50:26.890 ComClient LcsGetClientId() exception=10061
2010/10/13-04:50:33.125 ComClient LcsGetClientId() exception=10061
2010/10/13-04:50:41.463 ComClient LcsGetClientId() exception=10061
2010/10/13-04:50:57.541 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:03.666 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:09.682 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:15.807 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:21.932 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:28.057 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:34.182 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:40.526 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:46.760 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:52.776 ComClient LcsGetClientId() exception=10061
2010/10/13-04:51:58.791 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:04.916 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:10.823 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:16.838 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:22.963 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:29.088 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:35.213 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:41.448 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:47.573 ComClient LcsGetClientId() exception=10061
2010/10/13-04:52:54.135 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:00.260 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:16.338 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:22.573 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:28.807 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:34.823 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:40.838 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:47.073 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:53.088 ComClient LcsGetClientId() exception=10061
2010/10/13-04:53:59.323 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:05.338 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:11.463 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:17.479 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:23.604 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:29.948 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:36.073 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:42.088 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:48.432 ComClient LcsGetClientId() exception=10061
2010/10/13-04:54:54.776 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:01.119 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:07.135 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:13.260 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:19.276 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:35.463 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:41.588 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:47.713 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:53.729 ComClient LcsGetClientId() exception=10061
2010/10/13-04:55:59.744 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:05.979 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:12.323 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:18.557 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:24.791 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:30.916 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:37.151 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:43.276 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:49.291 ComClient LcsGetClientId() exception=10061
2010/10/13-04:56:55.416 ComClient LcsGetClientId() exception=10061
2010/10/13-04:57:01.541 ComClient LcsGetClientId() exception=10061
2010/10/13-04:57:07.666 ComClient LcsGetClientId() exception=10061
2010/10/13-04:57:13.682 ComClient LcsGetClientId() exception=10061
2010/10/13-04:57:20.026 ComClient LcsGetClientId() exception=10061
2010/10/13-04:57:26.041 ComClient LcsGetClientId() exception=10061
2010/10/13-04:57:32.166 ComClient LcsGetClientId() exception=10061
2010/10/13-04:57:38.401 ComClient LcsGetClientId() exception=10061
2010/10/13-04:57:54.479 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:00.823 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:06.838 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:13.073 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:19.088 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:25.323 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:31.557 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:37.682 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:43.807 ComClient LcsGetClientId() exception=10061
2010/10/13-04:58:55.291 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:05.901 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:14.323 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:20.338 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:26.463 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:32.479 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:38.494 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:44.619 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:50.635 ComClient LcsGetClientId() exception=10061
2010/10/13-04:59:56.760 ComClient LcsGetClientId() exception=10061
2010/10/13-05:00:02.776 ComClient LcsGetClientId() exception=10061
2010/10/13-05:00:08.791 ComClient LcsGetClientId() exception=10061
2010/10/13-05:00:25.526 ComClient LcsGetClientId() exception=10061
2010/10/13-05:00:31.979 ComClient LcsGetClientId() exception=10061
2010/10/13-05:00:38.323 ComClient LcsGetClientId() exception=10061
2010/10/13-05:00:44.448 ComClient LcsGetClientId() exception=10061
2010/10/13-05:00:50.682 ComClient LcsGetClientId() exception=10061
2010/10/13-05:00:57.026 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:03.260 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:09.276 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:15.291 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:21.416 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:27.432 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:33.557 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:39.573 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:45.807 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:52.041 ComClient LcsGetClientId() exception=10061
2010/10/13-05:01:58.166 ComClient LcsGetClientId() exception=10061
2010/10/13-05:02:04.291 ComClient LcsGetClientId() exception=10061
2010/10/13-05:02:10.635 ComClient LcsGetClientId() exception=10061
2010/10/13-05:02:16.979 ComClient LcsGetClientId() exception=10061
2010/10/13-05:02:23.323 ComClient LcsGetClientId() exception=10061
2010/10/13-05:02:29.557 ComClient LcsGetClientId() exception=10061
2010/10/13-05:02:45.635 ComClient LcsGetClientId() exception=10061
2010/10/13-05:02:51.869 ComClient LcsGetClientId() exception=10061
2010/10/13-05:02:57.885 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:03.963 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:09.979 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:15.994 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:22.119 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:28.135 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:34.260 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:40.276 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:46.510 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:52.635 ComClient LcsGetClientId() exception=10061
2010/10/13-05:03:58.760 ComClient LcsGetClientId() exception=10061
2010/10/13-05:04:04.994 ComClient LcsGetClientId() exception=10061
2010/10/13-05:04:11.229 ComClient LcsGetClientId() exception=10061
2010/10/13-05:04:17.573 ComClient LcsGetClientId() exception=10061
2010/10/13-05:04:23.916 ComClient LcsGetClientId() exception=10061
2010/10/13-05:04:30.151 ComClient LcsGetClientId() exception=10061
2010/10/13-05:04:36.276 ComClient LcsGetClientId() exception=10061
2010/10/13-05:04:42.291 ComClient LcsGetClientId() exception=10061
2010/10/13-05:04:48.416 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:04.494 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:10.619 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:16.635 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:22.760 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:28.776 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:35.119 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:41.244 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:47.479 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:53.713 ComClient LcsGetClientId() exception=10061
2010/10/13-05:05:59.838 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:05.963 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:11.979 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:17.994 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:24.119 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:30.135 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:36.260 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:42.494 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:48.729 ComClient LcsGetClientId() exception=10061
2010/10/13-05:06:55.073 ComClient LcsGetClientId() exception=10061
2010/10/13-05:07:01.416 ComClient LcsGetClientId() exception=10061
2010/10/13-05:07:07.651 ComClient LcsGetClientId() exception=10061
2010/10/13-05:07:23.948 ComClient LcsGetClientId() exception=10061
2010/10/13-05:07:30.182 ComClient LcsGetClientId() exception=10061
2010/10/13-05:07:36.307 ComClient LcsGetClientId() exception=10061
2010/10/13-05:07:42.432 ComClient LcsGetClientId() exception=10061
2010/10/13-05:07:48.666 ComClient LcsGetClientId() exception=10061
2010/10/13-05:07:54.682 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:00.807 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:06.823 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:12.838 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:18.963 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:25.088 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:31.323 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:37.557 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:43.791 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:49.916 ComClient LcsGetClientId() exception=10061
2010/10/13-05:08:55.932 ComClient LcsGetClientId() exception=10061
2010/10/13-05:09:02.260 ComClient LcsGetClientId() exception=10061
2010/10/13-05:09:08.385 ComClient LcsGetClientId() exception=10061
2010/10/13-05:09:14.510 ComClient LcsGetClientId() exception=10061
2010/10/13-05:09:20.526 ComClient LcsGetClientId() exception=10061
2010/10/13-05:09:26.541 ComClient LcsGetClientId() exception=10061
2010/10/13-05:09:42.619 ComClient LcsGetClientId() exception=10061
2010/10/13-05:09:48.744 ComClient LcsGetClientId() exception=10061
2010/10/13-05:09:55.088 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:01.432 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:07.666 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:13.791 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:20.135 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:26.260 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:32.276 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:38.291 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:44.416 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:50.541 ComClient LcsGetClientId() exception=10061
2010/10/13-05:10:56.776 ComClient LcsGetClientId() exception=10061
2010/10/13-05:11:02.791 ComClient LcsGetClientId() exception=10061
2010/10/13-05:11:09.135 ComClient LcsGetClientId() exception=10061
2010/10/13-05:11:15.479 ComClient LcsGetClientId() exception=10061
2010/10/13-05:11:21.713 ComClient LcsGetClientId() exception=10061
2010/10/13-05:11:28.166 ComClient LcsGetClientId() exception=10061
2010/10/13-05:11:34.510 ComClient LcsGetClientId() exception=10061
2010/10/13-05:11:40.635 ComClient LcsGetClientId() exception=10061
2010/10/13-05:11:46.869 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:03.276 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:09.729 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:15.963 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:22.088 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:28.213 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:34.229 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:40.244 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:46.479 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:52.823 ComClient LcsGetClientId() exception=10061
2010/10/13-05:12:59.057 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:05.182 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:11.416 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:17.432 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:23.666 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:29.791 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:36.026 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:42.041 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:48.166 ComClient LcsGetClientId() exception=10061
2010/10/13-05:13:54.182 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:00.198 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:06.323 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:22.619 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:28.635 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:34.869 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:40.994 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:47.119 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:53.135 ComClient LcsGetClientId() exception=10061
2010/10/13-05:14:59.369 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:05.276 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:11.291 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:17.635 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:23.869 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:30.323 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:36.557 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:42.682 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:48.916 ComClient LcsGetClientId() exception=10061
2010/10/13-05:15:55.260 ComClient LcsGetClientId() exception=10061
2010/10/13-05:16:01.385 ComClient LcsGetClientId() exception=10061
2010/10/13-05:16:07.510 ComClient LcsGetClientId() exception=10061
2010/10/13-05:16:13.854 ComClient LcsGetClientId() exception=10061
2010/10/13-05:16:19.979 ComClient LcsGetClientId() exception=10061
2010/10/13-05:16:25.994 ComClient LcsGetClientId() exception=10061
2010/11/28-22:10:17.406 ComClient LcsGetCurrentStateHid() exception=10022
2010/12/06-06:18:08.765 ComClient LcsGetClientId() exception=10061
2010/12/06-06:18:09.812 ComClient LcsGetClientId() exception=10061


----------



## Ditteaux (Feb 6, 2013)

OTL logfile created on: 4/7/2013 4:06:37 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 65.03% Memory free
3.84 Gb Paging File | 3.17 Gb Available in Paging File | 82.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 96.50 Gb Total Space | 55.09 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
Drive D: | 14.27 Gb Total Space | 1.27 Gb Free Space | 8.88% Space Free | Partition Type: FAT32

Computer Name: YOUR-252739F5C3 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/05 19:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/03/09 18:22:02 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/18 21:04:15 | 013,105,848 | ---- | M] (The Weather Channel) -- C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/08/23 12:31:24 | 001,532,280 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2012/08/23 12:31:24 | 001,222,008 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/24 00:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/13 21:16:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/07 04:45:33 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e672eebe01bcdc81f24acdd8765711b7\System.ServiceModel.ni.dll
MOD - [2013/02/07 03:39:37 | 000,298,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\af69a1e077f076b755832b6fb68a7f56\Inkjet.Automation.ni.dll
MOD - [2013/02/07 03:39:28 | 000,095,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.DeviceSettin#\92a0f86c732436ac5c8ad60d7512a140\Inkjet.DeviceSettings.ni.dll
MOD - [2013/02/07 03:39:26 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\61f51299025899bc1c308e9457801cfe\Inkjet.Localization.ni.dll
MOD - [2013/02/07 03:39:22 | 000,302,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\12a4c3e35a3a53b29c3f69f0a12315f3\Inkjet.Utilities.ni.dll
MOD - [2013/02/07 03:39:20 | 000,161,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\010fbf16f39b67efb0d65d424f939b26\Interop.EKAiO2SDKLib.ni.dll
MOD - [2013/02/07 03:39:19 | 000,890,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\ba49cbf5b2dd5f8774e3640ebc2c16e2\Inkjet.Hardware.ni.dll
MOD - [2013/02/07 03:39:16 | 000,179,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\b330cef7fd6f098684a32fbbf78ef604\Inkjet.Statistics.ni.dll
MOD - [2013/02/07 03:39:10 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\6f9ff38703dc4d0c7c57d0f4fbac74be\Inkjet.Configuration.ni.dll
MOD - [2013/02/07 03:39:09 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\a351836800136dc17d5f5eaf74a10c19\Inkjet.Diagnostics.ni.dll
MOD - [2013/02/07 03:36:12 | 000,188,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\b2c96ad8c083f1e333e17c35631335a6\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/02/07 03:36:10 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5b96ee4992d9559ba5483c769bc5c889\UIAutomationTypes.ni.dll
MOD - [2013/02/07 03:36:09 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\55ab32987c35d3d1b2a39be3098aff33\UIAutomationProvider.ni.dll
MOD - [2013/02/07 03:33:08 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b7d0ec51d35b10a951709d67a006caff\System.Xml.Linq.ni.dll
MOD - [2013/02/07 03:33:05 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e4cd33f11a3ae490d3c22e0cd6fdf69b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/02/07 03:33:01 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\928c67f0b00a834db1bd2de4a9640612\SMDiagnostics.ni.dll
MOD - [2013/02/07 03:33:00 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9819e790d082ea005c53c88875947436\System.Runtime.Serialization.ni.dll
MOD - [2013/02/07 03:32:17 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\33e724f77b380c9d94a332cabc677b5c\System.Xaml.ni.dll
MOD - [2013/02/07 03:26:09 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\39b6ffaaaacb0ff06949f83e517d541f\System.Runtime.Remoting.ni.dll
MOD - [2013/02/07 03:25:55 | 001,878,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\fd694dbf57cb6bdae4ab50d1c6f4ee44\System.Deployment.ni.dll
MOD - [2013/02/07 01:19:54 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9a1df03a8c629fa4f2be9f969ccda31c\PresentationFramework.ni.dll
MOD - [2013/02/07 01:19:29 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\87ac01901b750ecb16434bc9bc968745\System.Windows.Forms.ni.dll
MOD - [2013/02/07 01:19:22 | 011,106,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\84cbb8949b4d11ad357d35613a6daa1d\PresentationCore.ni.dll
MOD - [2013/02/07 01:19:01 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\59ec1e9b2be38fb39651664f6c83fdfa\WindowsBase.ni.dll
MOD - [2013/02/07 01:18:54 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\678ced31fce4daeb68c6637b855d4cbc\System.Drawing.ni.dll
MOD - [2013/02/07 01:18:34 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\1f8dadfe1e6c9b7c30c6cf6a21639a1a\System.Core.ni.dll
MOD - [2013/02/07 01:18:29 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\8b52a990eb3a96c252b35deadcecbf6f\System.Xml.ni.dll
MOD - [2013/02/07 01:18:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\448d9a8df0c78ad37ee7d88ccd5071f6\System.Configuration.ni.dll
MOD - [2013/02/07 01:18:18 | 000,284,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5fb7081c1c8ab76cf111ed621c5ef88c\PresentationFramework.Classic.ni.dll
MOD - [2013/02/07 01:18:12 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\664e86bc2d437899285b328cfaae0e28\System.ni.dll
MOD - [2013/02/07 01:17:56 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2013/02/07 01:06:34 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/02/07 01:06:10 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/02 05:19:46 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/02 05:16:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2006/11/07 19:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2005/12/24 00:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/03/13 00:43:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/09 18:22:02 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/08/23 12:31:24 | 001,532,280 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/12/30 04:37:55 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/07/04 16:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/12/07 19:22:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/31 18:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/01 02:11:54 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/06 14:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/03/14 14:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 07:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/19 16:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 16:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 16:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 11:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 11:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 11:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/04 01:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

[2012/01/01 16:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions
[2012/01/01 16:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdjvu.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Crackle = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Google Voice (by Google) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\

O1 HOSTS File: ([2013/02/27 13:26:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKCU..\Run: [DW7] C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.11/uploader2.cab (UploadListView Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360213034431 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D87BB8-5C6E-4171-A518-8F4560DF8011}: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\My Documents\My Pictures\Picasa\Backgrounds\picasabackground-016.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/07 03:56:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/05 19:44:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2013/04/05 12:36:39 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\dds.4.5.13.scr
[2013/04/05 12:09:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/04/04 15:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/04 11:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/04/04 11:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/04 11:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/04/04 11:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2013/03/11 16:49:43 | 000,465,280 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/03/11 16:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2013/02/18 14:19:45 | 011,004,488 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/04/07 04:08:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\cmsstorage.lst
[2013/04/07 04:08:11 | 000,000,078 | -H-- | M] () -- C:\cmsstorage.lst
[2013/04/07 04:03:19 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005UA.job
[2013/04/07 04:01:26 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/07 04:01:25 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93569A66-A285-4B40-A523-6AAED93BF3BB}.job
[2013/04/07 03:59:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/07 03:59:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/07 03:59:40 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/07 03:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/07 03:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/06 05:01:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005Core.job
[2013/04/05 19:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2013/04/05 13:00:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/05 12:36:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\dds.4.5.13.scr
[2013/04/05 12:15:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/04 16:54:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2013/04/04 15:49:29 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/04/04 11:23:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/31 00:35:14 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/27 00:36:26 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/11 21:38:44 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/11 16:49:46 | 000,465,280 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/03/11 12:00:29 | 000,569,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 12:00:29 | 000,113,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/04/05 12:15:00 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 12:15:00 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Start Menu\Programs\Internet Explorer.lnk
[2013/04/04 11:40:03 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/27 00:36:26 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/11 21:38:44 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/01/26 18:35:38 | 000,536,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-122302908-1542226243-4210850061-1005-0.dat
[2013/01/24 22:48:40 | 000,235,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/01 10:50:54 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\burnaware.ini
[2012/08/21 10:03:56 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/25 16:37:22 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\dt.dat
[2012/02/16 14:25:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/26 04:39:44 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/14 00:02:05 | 000,006,604 | ---- | C] () -- C:\Documents and Settings\All Users\lxdd
[2009/12/19 12:55:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/01/19 22:42:36 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/20 13:08:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\wklnhst.dat
[2007/12/17 17:12:45 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/29 13:39:27 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/03/28 08:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/29 02:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/01/26 00:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/27 09:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/01/21 10:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2012/09/27 23:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/01/26 03:02:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/26 01:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/09/17 14:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2007/12/16 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2007/12/26 11:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011/12/19 22:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2012/01/26 01:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/04/06 17:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/12/21 01:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/01/27 08:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/12/16 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2013/01/12 06:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REGSERVO
[2011/12/16 12:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\S10 Software
[2007/12/22 08:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/12/31 22:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftByNX
[2012/02/11 07:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/01/01 16:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/10/27 11:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2008/04/26 06:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/01/27 09:09:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/01/27 09:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG
[2012/01/26 03:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG2012
[2012/09/27 23:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG2013
[2012/08/05 13:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/11 07:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\DriverCure
[2013/02/07 00:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\ElevatedDiagnostics
[2008/01/17 19:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\F-Secure
[2009/11/19 20:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FedEx
[2009/11/09 23:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
[2008/01/11 19:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FUJIFILM
[2008/01/12 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Jane s Hotel
[2007/12/20 17:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Leadertech
[2007/12/22 20:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Lexmark Imaging Studio
[2010/03/17 20:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\mjusbsp
[2009/03/10 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\MSNInstaller
[2007/12/21 02:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\muvee Technologies
[2008/04/26 06:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Netscape
[2011/12/03 19:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Pamela
[2011/12/08 15:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Pamela Call Recorder
[2008/01/15 18:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Printer Info Cache
[2011/12/16 12:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\S10 Software
[2009/03/26 01:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Snapfish
[2012/11/04 12:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Softland
[2012/02/11 07:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\SpeedyPC Software
[2011/12/15 13:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Temp
[2008/01/20 14:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Template
[2012/01/01 16:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\TomTom
[2013/01/27 10:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\TuneUp Software
[2007/12/20 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Walgreens
[2008/10/01 17:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Windows Desktop Search
[2008/10/02 14:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Windows Search

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

It appears that the file belongs to Lexmark so it's valid.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
CHR - homepage: http://search.iminent.com/?appId=257...2-62D50C69CF94
[2007/12/16 17:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2013/01/12 06:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REGSERVO
[2010/12/31 22:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftByNX
[2012/02/11 07:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/02/11 07:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\DriverCure
[2013/02/07 00:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\ElevatedDiagnostics
[2012/02/11 07:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\SpeedyPC Software
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## Ditteaux (Feb 6, 2013)

OTL logfile created on: 4/8/2013 1:02:44 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.12% Memory free
3.84 Gb Paging File | 2.95 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 96.50 Gb Total Space | 55.15 Gb Free Space | 57.15% Space Free | Partition Type: NTFS
Drive D: | 14.27 Gb Total Space | 1.27 Gb Free Space | 8.88% Space Free | Partition Type: FAT32

Computer Name: YOUR-252739F5C3 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/05 19:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
PRC - [2013/03/21 18:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/03/09 18:22:02 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/19 04:01:34 | 001,116,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/02/19 04:01:04 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/02/18 21:04:15 | 013,105,848 | ---- | M] (The Weather Channel) -- C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/08/23 12:31:24 | 001,532,280 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2012/08/23 12:31:24 | 001,222,008 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/24 00:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/21 18:50:33 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013/03/21 18:50:31 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/21 18:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013/02/13 21:16:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/07 04:45:33 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e672eebe01bcdc81f24acdd8765711b7\System.ServiceModel.ni.dll
MOD - [2013/02/07 03:39:37 | 000,298,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\af69a1e077f076b755832b6fb68a7f56\Inkjet.Automation.ni.dll
MOD - [2013/02/07 03:39:28 | 000,095,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.DeviceSettin#\92a0f86c732436ac5c8ad60d7512a140\Inkjet.DeviceSettings.ni.dll
MOD - [2013/02/07 03:39:26 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\61f51299025899bc1c308e9457801cfe\Inkjet.Localization.ni.dll
MOD - [2013/02/07 03:39:22 | 000,302,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\12a4c3e35a3a53b29c3f69f0a12315f3\Inkjet.Utilities.ni.dll
MOD - [2013/02/07 03:39:20 | 000,161,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\010fbf16f39b67efb0d65d424f939b26\Interop.EKAiO2SDKLib.ni.dll
MOD - [2013/02/07 03:39:19 | 000,890,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\ba49cbf5b2dd5f8774e3640ebc2c16e2\Inkjet.Hardware.ni.dll
MOD - [2013/02/07 03:39:16 | 000,179,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\b330cef7fd6f098684a32fbbf78ef604\Inkjet.Statistics.ni.dll
MOD - [2013/02/07 03:39:10 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\6f9ff38703dc4d0c7c57d0f4fbac74be\Inkjet.Configuration.ni.dll
MOD - [2013/02/07 03:39:09 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\a351836800136dc17d5f5eaf74a10c19\Inkjet.Diagnostics.ni.dll
MOD - [2013/02/07 03:36:12 | 000,188,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\b2c96ad8c083f1e333e17c35631335a6\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/02/07 03:36:10 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5b96ee4992d9559ba5483c769bc5c889\UIAutomationTypes.ni.dll
MOD - [2013/02/07 03:36:09 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\55ab32987c35d3d1b2a39be3098aff33\UIAutomationProvider.ni.dll
MOD - [2013/02/07 03:33:08 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b7d0ec51d35b10a951709d67a006caff\System.Xml.Linq.ni.dll
MOD - [2013/02/07 03:33:05 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e4cd33f11a3ae490d3c22e0cd6fdf69b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/02/07 03:33:01 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\928c67f0b00a834db1bd2de4a9640612\SMDiagnostics.ni.dll
MOD - [2013/02/07 03:33:00 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9819e790d082ea005c53c88875947436\System.Runtime.Serialization.ni.dll
MOD - [2013/02/07 03:32:17 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\33e724f77b380c9d94a332cabc677b5c\System.Xaml.ni.dll
MOD - [2013/02/07 03:26:09 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\39b6ffaaaacb0ff06949f83e517d541f\System.Runtime.Remoting.ni.dll
MOD - [2013/02/07 03:25:55 | 001,878,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\fd694dbf57cb6bdae4ab50d1c6f4ee44\System.Deployment.ni.dll
MOD - [2013/02/07 01:19:54 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9a1df03a8c629fa4f2be9f969ccda31c\PresentationFramework.ni.dll
MOD - [2013/02/07 01:19:29 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\87ac01901b750ecb16434bc9bc968745\System.Windows.Forms.ni.dll
MOD - [2013/02/07 01:19:22 | 011,106,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\84cbb8949b4d11ad357d35613a6daa1d\PresentationCore.ni.dll
MOD - [2013/02/07 01:19:01 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\59ec1e9b2be38fb39651664f6c83fdfa\WindowsBase.ni.dll
MOD - [2013/02/07 01:18:54 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\678ced31fce4daeb68c6637b855d4cbc\System.Drawing.ni.dll
MOD - [2013/02/07 01:18:34 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\1f8dadfe1e6c9b7c30c6cf6a21639a1a\System.Core.ni.dll
MOD - [2013/02/07 01:18:29 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\8b52a990eb3a96c252b35deadcecbf6f\System.Xml.ni.dll
MOD - [2013/02/07 01:18:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\448d9a8df0c78ad37ee7d88ccd5071f6\System.Configuration.ni.dll
MOD - [2013/02/07 01:18:18 | 000,284,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5fb7081c1c8ab76cf111ed621c5ef88c\PresentationFramework.Classic.ni.dll
MOD - [2013/02/07 01:18:12 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\664e86bc2d437899285b328cfaae0e28\System.ni.dll
MOD - [2013/02/07 01:17:56 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2013/02/07 01:06:34 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/02/07 01:06:10 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/02 05:19:46 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/02 05:16:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2006/11/07 19:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2005/12/24 00:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lxddcoms.exe -- (lxdd_device)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/03/13 00:43:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/09 18:22:02 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/08/23 12:31:24 | 001,532,280 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/02/15 12:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/12/30 04:37:55 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/07/04 16:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/12/07 19:22:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/31 18:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/01 02:11:54 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/06 14:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/03/14 14:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 07:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/19 16:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 16:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 16:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 11:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 11:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 11:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/04 01:31:28 | 000,154,624 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = 
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

[2012/01/01 16:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions
[2012/01/01 16:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Valued Customer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdjvu.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Crackle = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\

O1 HOSTS File: ([2013/02/27 13:26:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKCU..\Run: [DW7] C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.11/uploader2.cab (UploadListView Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360213034431 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D87BB8-5C6E-4171-A518-8F4560DF8011}: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valued Customer\My Documents\My Pictures\Picasa\Backgrounds\picasabackground-016.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/07 03:56:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/05 19:44:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2013/04/05 12:36:39 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\dds.4.5.13.scr
[2013/04/05 12:09:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/04/04 15:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/04 11:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/04/04 11:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/04 11:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/04/04 11:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2013/03/11 16:49:43 | 000,465,280 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/03/11 16:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2013/02/18 14:19:45 | 011,004,488 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/04/08 01:02:43 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93569A66-A285-4B40-A523-6AAED93BF3BB}.job
[2013/04/08 01:01:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005UA.job
[2013/04/08 00:57:07 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\cmsstorage.lst
[2013/04/08 00:57:06 | 000,000,078 | -H-- | M] () -- C:\cmsstorage.lst
[2013/04/08 00:50:27 | 000,000,029 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/08 00:48:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/08 00:48:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/08 00:48:31 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/08 00:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/08 00:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/07 05:01:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-122302908-1542226243-4210850061-1005Core.job
[2013/04/05 19:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2013/04/05 13:00:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/05 12:36:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Valued Customer\Desktop\dds.4.5.13.scr
[2013/04/05 12:15:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/04 16:54:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2013/04/04 15:49:29 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/04/04 11:23:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/31 00:35:14 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/27 00:36:26 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/11 21:38:44 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/11 16:49:46 | 000,465,280 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/03/11 12:00:29 | 000,569,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 12:00:29 | 000,113,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/04/05 12:15:00 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 12:15:00 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Start Menu\Programs\Internet Explorer.lnk
[2013/04/04 11:40:03 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/27 00:36:26 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/11 21:38:44 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/01/26 18:35:38 | 000,536,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-122302908-1542226243-4210850061-1005-0.dat
[2013/01/24 22:48:40 | 000,235,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/01 10:50:54 | 000,000,460 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\burnaware.ini
[2012/08/21 10:03:56 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/25 16:37:22 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\dt.dat
[2012/02/16 14:25:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/26 04:39:44 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/14 00:02:05 | 000,006,604 | ---- | C] () -- C:\Documents and Settings\All Users\lxdd
[2009/12/19 12:55:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/01/19 22:42:36 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/20 13:08:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\wklnhst.dat
[2007/12/17 17:12:45 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/29 13:39:27 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/03/28 08:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/29 02:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/01/26 00:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/27 09:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/01/21 10:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2012/09/27 23:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/01/26 03:02:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/26 01:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/09/17 14:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2007/12/16 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2007/12/26 11:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011/12/19 22:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2012/01/26 01:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/04/07 17:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/12/21 01:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/01/27 08:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/12/16 12:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\S10 Software
[2007/12/22 08:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2012/01/01 16:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/10/27 11:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2008/04/26 06:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/01/27 09:09:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/01/27 09:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG
[2012/01/26 03:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG2012
[2012/09/27 23:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\AVG2013
[2012/08/05 13:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/01/17 19:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\F-Secure
[2009/11/19 20:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FedEx
[2009/11/09 23:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
[2008/01/11 19:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\FUJIFILM
[2008/01/12 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Jane s Hotel
[2007/12/20 17:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Leadertech
[2007/12/22 20:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Lexmark Imaging Studio
[2010/03/17 20:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\mjusbsp
[2009/03/10 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\MSNInstaller
[2007/12/21 02:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\muvee Technologies
[2008/04/26 06:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Netscape
[2011/12/03 19:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Pamela
[2011/12/08 15:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Pamela Call Recorder
[2008/01/15 18:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Printer Info Cache
[2011/12/16 12:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\S10 Software
[2009/03/26 01:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Snapfish
[2012/11/04 12:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Softland
[2011/12/15 13:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Temp
[2008/01/20 14:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Template
[2012/01/01 16:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\TomTom
[2013/01/27 10:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\TuneUp Software
[2007/12/20 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Walgreens
[2008/10/01 17:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Windows Desktop Search
[2008/10/02 14:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Windows Search

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## Ditteaux (Feb 6, 2013)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Valued Customer on Mon 04/08/2013 at 17:08:34.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/08/2013 at 17:15:01.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Cookiegal (Aug 27, 2003)

How are things now?


----------



## Ditteaux (Feb 6, 2013)

Iminent is GONE. NO trace...


----------



## Cookiegal (Aug 27, 2003)

Please open OTL again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTL program.


----------

