[Resolved] Computer ++ lagging - HJT log inside

  1. #31
    broni is offline Senior Member

    re: [Resolved] Computer ++ lagging - HJT log inside

    Try to run it in Safe Mode.


  2. #32
    broni is offline Senior Member
    If no result after 30 minutes, let me know.

  3. #33
    lurla is offline Valued Member
    The icon isn't on my desktop in Safe Mode.

  4. #34
    broni is offline Senior Member
    Some icons in Safe Mode are hiding outside visible screen.
    In Normal Mode, try to put Combofix icon somewhere near Start button and then try Safe Mode again, or open Windows Explorer and it should be located in Desktop folder.

  5. #35
    lurla is offline Valued Member
    OK, I tried both. I moved the ComboFix icon and it wasn't there. The file name WAS there in Explorer, but when clicked, it brought me to the same menu as the My Computer icon.

  6. #36
    broni is offline Senior Member
    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
      Since those are pretty big files, you can attach them, if you wish.

  7. #37
    lurla is offline Valued Member
    OK, I attached the Extras.txt, but the OTL.txt was too large to attach, so I copy/pasted it.

    OTL logfile created on: 10/14/2009 11:06:14 PM - Run 1
    OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.54% Memory free
    3.84 Gb Paging File | 3.06 Gb Available in Paging File | 79.55% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 30.61 Gb Free Space | 27.38% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SHYLA
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/10/14 23:02:24 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2009/09/23 15:16:24 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2009/09/23 15:16:23 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2009/09/15 11:42:42 | 01,998,576 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/08/17 13:37:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/08/17 13:37:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/08/17 13:37:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/08/17 13:34:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/08/17 13:28:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/05/14 22:52:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/02/06 07:11:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\wmiprvse.exe
    PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    PRC - [2008/01/08 22:03:42 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2007/06/13 07:53:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
    PRC - [2007/02/26 13:53:26 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2007/01/11 13:57:22 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    PRC - [2006/08/25 19:17:12 | 00,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    PRC - [2006/08/02 06:09:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2006/08/02 06:08:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    PRC - [2006/08/02 06:02:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    PRC - [2006/08/02 06:01:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2006/08/02 05:57:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2006/08/02 05:54:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( ) -- C:\windows\System32\lxctcoms.exe
    PRC - [2006/06/07 02:05:20 | 00,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe
    PRC - [2006/05/19 16:43:38 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    PRC - [2006/05/04 20:29:16 | 16,206,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\RTHDCPL.EXE
    PRC - [2006/04/10 02:54:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehRecvr.exe
    PRC - [2006/03/23 01:47:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\windows\System32\igfxpers.exe
    PRC - [2006/03/23 01:43:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\windows\System32\hkcmd.exe
    PRC - [2006/03/16 18:28:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2006/03/02 05:32:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PRC - [2006/03/02 05:20:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
    PRC - [2006/02/07 22:00:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2006/02/02 17:41:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
    PRC - [2005/12/12 21:20:02 | 00,088,204 | ---- | M] (Agere Systems) -- C:\windows\AGRSMMSG.exe
    PRC - [2005/08/16 16:53:12 | 00,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    PRC - [2005/08/05 19:26:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
    PRC - [2005/08/05 19:26:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehSched.exe
    PRC - [2005/08/05 19:26:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehmsas.exe
    PRC - [2005/08/05 18:57:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
    PRC - [2005/06/01 02:29:58 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\windows\System32\TPSBattM.exe
    PRC - [2005/04/26 21:43:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 21:08:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 06:02:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    PRC - [2004/10/13 13:54:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    PRC - [2004/08/27 14:07:00 | 00,155,648 | ---- | M] (Matsu****a Electric Industrial Co., Ltd.) -- C:\windows\System32\RAMASST.exe
    PRC - [2004/08/27 14:03:00 | 00,110,592 | ---- | M] (Matsu****a Electric Industrial Co., Ltd.) -- C:\windows\System32\DVDRAMSV.exe
    PRC - [2004/08/17 17:07:44 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
    PRC - [2004/08/10 09:30:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\unsecapp.exe
    PRC - [2002/10/14 15:03:18 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXBCES.EXE
    PRC - [2002/10/14 15:00:42 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXPPS.EXE

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/09/23 15:16:23 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
    SRV - [2009/08/17 13:37:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
    SRV - [2009/08/17 13:37:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
    SRV - [2009/08/17 13:34:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
    SRV - [2009/08/17 13:28:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
    SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
    SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
    SRV - [2009/05/14 22:52:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
    SRV - [2009/04/22 14:58:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c36fc5f289c4 [Auto | Stopped])
    SRV - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Stopped])
    SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
    SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
    SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
    SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
    SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
    SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
    SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
    SRV - [2006/08/02 06:09:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
    SRV - [2006/08/02 06:01:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
    SRV - [2006/08/02 05:54:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
    SRV - [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( ) -- C:\windows\System32\lxctcoms.exe -- (lxct_device [Auto | Running])
    SRV - [2006/04/10 02:54:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
    SRV - [2006/02/07 22:00:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
    SRV - [2005/08/05 19:26:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehSched.exe -- (ehSched [Auto | Running])
    SRV - [2005/08/05 18:57:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
    SRV - [2005/01/17 21:08:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
    SRV - [2004/10/22 08:54:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
    SRV - [2004/08/27 14:03:00 | 00,110,592 | ---- | M] (Matsu****a Electric Industrial Co., Ltd.) -- C:\windows\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
    SRV - [2004/08/10 09:41:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mhn.dll -- (MHN [On_Demand | Stopped])
    SRV - [2004/08/10 09:30:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
    SRV - [2003/07/28 17:58:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    SRV - [2002/10/14 15:03:18 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to Facebook | Facebook
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Canada - The all-new MSN Canada, home of world-class services such as Hotmail, Windows Live Messenger, and News, Sports, Financial and Entertainment services
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 18 76 24 31 37 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ca"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.0.0
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/14 22:52:23 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 03:00:33 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/05/18 16:06:48 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/22 00:19:46 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension

    [2009/05/18 16:06:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
    [2009/05/18 16:06:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/09/15 16:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\he9t6fnd.default\extensions
    [2009/06/29 16:25:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\he9t6fnd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/05/18 16:20:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\he9t6fnd.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2009/05/18 16:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\he9t6fnd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/09/15 09:42:27 | 00,002,163 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\he9t6fnd.default\searchplugins\bing.xml
    [2009/05/18 16:06:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/05/18 16:06:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/04/24 02:08:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/04/24 02:08:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/04/24 02:08:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2009/04/23 22:09:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/04/23 22:09:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/04/23 22:09:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/04/23 22:09:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/04/23 22:09:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/04/23 22:09:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/04/23 22:09:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (305692 bytes) - C:\windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 10526 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\windows\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AGRSMMSG] C:\windows\AGRSMMSG.exe (Agere Systems)
    O4 - HKLM..\Run: [Alcmtr] C:\windows\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe File not found
    O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
    O4 - HKLM..\Run: [CFSServ.exe] File not found
    O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [igfxhkcmd] C:\windows\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxpers] C:\windows\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxtray] C:\windows\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.EXE (Logitech, Inc.)
    O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [LXCTCATS] C:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
    O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [RTHDCPL] C:\windows\RTHDCPL.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\windows\System32\RAMASST.exe (Matsu****a Electric Industrial Co., Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://shylap.spaces.live.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase5483.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/...toUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/bingame/dsh2/def...2.1.0.0.68.cab (CPlayFirstDinerDash2Control Object)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1189267585953 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/def...sPlayer_v6.cab (GoBit Games Player)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} Big Fish Games | A New Free Game Download Every Day (SproutLauncherCtrl Class)
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/ct.cab (TikGames Online Control)
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/def...h.1.0.0.94.cab (CPlayFirstDinerDashControl Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab? (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.96 24.222.0.97
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avldr: DllName - avldr.dll - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{fdb21ab8-cdb7-11dd-a9c2-0018de2da0a1}\Shell - "" = AutoRun
    O33 - MountPoints2\{fdb21ab8-cdb7-11dd-a9c2-0018de2da0a1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fdb21ab8-cdb7-11dd-a9c2-0018de2da0a1}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O34 - HKLM BootExecute: (PGUNNT) - File not found
    O34 - HKLM BootExecute: (C:\WINDOWS\system32\avldr.dll) - C:\windows\System32\avldr.dll File not found
    O34 - HKLM BootExecute: (PGUNNT) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\INSTAL~1\{EEBA9~1\SMCL\PAVSMCL.DLL) - C:\PROGRA~1\INSTAL~1\{EEBA9~1\SMCL\PAVSMCL.DLL File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    NetSvcs: 6to4 - Service key not found. File not found
    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Iprip - Service key not found. File not found
    NetSvcs: Irmon - Service key not found. File not found
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: MHN - C:\windows\System32\mhn.dll (Microsoft Corporation)
    NetSvcs: helpsvc - C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

    ========== Files/Folders - Created Within 14 Days ==========

    [1 C:\windows\*.tmp files]
    [2009/10/12 22:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2009/10/11 14:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
    [2009/10/10 22:00:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/10/10 13:58:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/10/09 20:24:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\5400 Series
    [2009/10/10 22:00:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2009/10/10 13:58:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2009/10/10 13:57:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/10/09 20:17:40 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 5400 Series
    [2009/10/09 20:19:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
    [2009/10/09 20:24:12 | 00,000,000 | ---D | C] -- C:\Program Files\Lx_cats
    [2009/10/10 22:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/10/09 13:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\Sandlot Games
    [2009/10/10 13:58:24 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/12/26 01:35:10 | 00,000,000 | ---D | C] -- C:\games
    [2009/10/14 23:02:23 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2009/10/13 20:52:03 | 00,000,000 | --SD | C] -- C:\c7y45rg6
    [2009/10/12 15:17:23 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/10/11 16:20:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2009/10/11 16:20:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2009/10/11 16:20:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2009/10/11 16:20:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2009/10/11 16:20:26 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
    [2009/10/11 15:04:00 | 00,000,000 | -HSD | C] -- C:\Config.Msi
    [2009/10/10 22:00:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2009/10/10 22:00:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2009/10/10 21:58:20 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
    [2009/10/09 20:19:36 | 00,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IMGMAN32.DLL
    [2009/10/09 20:19:36 | 00,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IMHOST32.DLL
    [2009/10/09 20:19:36 | 00,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IM31XPNG.DEL
    [2009/10/09 20:19:36 | 00,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IM31XTIF.DEL
    [2009/10/09 20:19:36 | 00,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IM31IMG.DIL
    [2009/10/09 20:17:28 | 00,409,600 | ---- | C] ( ) -- C:\windows\System32\lxctinpa.dll
    [2009/10/09 20:17:28 | 00,393,216 | ---- | C] ( ) -- C:\windows\System32\lxctiesc.dll
    [2009/10/09 20:17:27 | 01,187,840 | ---- | C] ( ) -- C:\windows\System32\lxctserv.dll
    [2009/10/09 20:17:27 | 00,983,040 | ---- | C] ( ) -- C:\windows\System32\lxctusb1.dll
    [2009/10/09 20:17:27 | 00,696,320 | ---- | C] ( ) -- C:\windows\System32\lxcthbn3.dll
    [2009/10/09 20:17:27 | 00,643,072 | ---- | C] ( ) -- C:\windows\System32\lxctpmui.dll
    [2009/10/09 20:17:27 | 00,528,384 | ---- | C] ( ) -- C:\windows\System32\lxctlmpm.dll
    [2009/10/09 20:17:27 | 00,380,928 | ---- | C] ( ) -- C:\windows\System32\lxctih.exe
    [2009/10/09 20:17:27 | 00,163,840 | ---- | C] ( ) -- C:\windows\System32\lxctprox.dll
    [2009/10/09 20:17:27 | 00,094,208 | ---- | C] ( ) -- C:\windows\System32\lxctpplc.dll
    [2009/10/09 20:17:26 | 00,667,648 | ---- | C] ( ) -- C:\windows\System32\lxctcomc.dll
    [2009/10/09 20:17:26 | 00,528,384 | ---- | C] ( ) -- C:\windows\System32\lxctcoms.exe
    [2009/10/09 20:17:26 | 00,421,888 | ---- | C] ( ) -- C:\windows\System32\lxctcomm.dll
    [2009/10/09 20:17:26 | 00,376,832 | ---- | C] ( ) -- C:\windows\System32\lxctcfg.exe
    [2009/10/09 20:17:26 | 00,077,824 | ---- | C] (Lexmark International) -- C:\windows\System32\LXCTcfg.dll
    [2009/10/09 20:15:34 | 00,000,000 | ---D | C] -- C:\drivers
    [2009/10/07 10:04:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\docs
    [2009/10/07 10:02:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Cleaners
    [2009/10/07 10:01:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Games
    [2009/10/07 0943 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\pics
    [2006/01/29 23:10:08 | 00,053,248 | ---- | C] ( ) -- C:\windows\System32\DLLVGA.dll

    ========== Files - Modified Within 14 Days ==========

    [7 C:\windows\System32\*.tmp files]
    [1 C:\windows\*.tmp files]
    [11 C:\Documents and Settings\Owner\My Documents\*.tmp files]
    [2009/12/26 00:00:18 | 00,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{F2F48E37-C797-4BDA-BAF9-90273EB4E597}.job
    [2009/10/14 23:02:24 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2009/10/14 22:26:00 | 00,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2009/10/14 16:26:00 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2009/10/14 15:28:07 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2009/10/14 15:28:01 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
    [2009/10/14 15:27:59 | 21,370,51136 | -HS- | M] () -- C:\hiberfil.sys
    [2009/10/13 18:43:09 | 03,337,810 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\c7y45rg6.exe
    [2009/10/12 17:15:10 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shyla resume - PANDEMIC.doc
    [2009/10/12 16:52:56 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shyla resume 3-H1N1.doc
    [2009/10/12 16:48:28 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shyla resume 3-1.doc
    [2009/10/11 16:14:27 | 00,130,096 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/10/11 16:04:01 | 00,000,526 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ResetTeaTimer.zip
    [2009/10/11 14:42:19 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
    [2009/10/11 14:37:50 | 00,000,054 | ---- | M] () -- C:\windows\System32\rp_stats.dat
    [2009/10/11 14:37:50 | 00,000,039 | ---- | M] () -- C:\windows\System32\rp_rules.dat
    [2009/10/11 08:46:21 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rw1bq3y9.exe
    [2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\windows\PEV.exe
    [2009/10/10 22:00:09 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/10 21:59:00 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
    [2009/10/10 13:58:29 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/10 1307 | 07,174,176 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2009/10/09 20:33:35 | 00,002,627 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WordPerfect X4.lnk
    [2009/10/09 20:27:40 | 00,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 5400 Series.LNK
    [2009/10/09 2039 | 02,111,692 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2009/10/09 2005 | 00,021,291 | ---- | M] () -- C:\windows\System32\LexFiles.ulf
    [2009/10/09 20:13:08 | 60,937,192 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cjb5400EN.exe
    [2009/10/09 16:17:33 | 00,989,967 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\invitation_final.jpg
    [2009/10/09 13:17:07 | 00,001,941 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cake Mania-MainStreet.lnk
    [2009/10/08 17:47:17 | 00,032,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\image.jpg
    [2009/10/08 17:38:06 | 00,027,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sophie.jpg
    [2009/10/08 15:39:02 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
    [2009/10/08 15:18:32 | 00,093,696 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/06 20:14:08 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trillian.lnk
    [2009/10/06 20:00:13 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WinZip.lnk
    [2009/10/06 20:00:13 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk

    ========== Files - No Company Name ==========
    [2009/10/14 15:27:59 | 21,370,51136 | -HS- | C] () -- C:\hiberfil.sys
    [2009/10/13 18:42:40 | 03,337,810 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\c7y45rg6.exe
    [2009/10/12 17:15:10 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shyla resume - PANDEMIC.doc
    [2009/10/12 16:52:56 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shyla resume 3-H1N1.doc
    [2009/10/12 16:48:27 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shyla resume 3-1.doc
    [2009/10/11 16:20:34 | 00,236,544 | ---- | C] () -- C:\windows\PEV.exe
    [2009/10/11 16:20:34 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2009/10/11 16:20:34 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2009/10/11 16:20:34 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2009/10/11 16:04:00 | 00,000,526 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ResetTeaTimer.zip
    [2009/10/11 08:46:19 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rw1bq3y9.exe
    [2009/10/10 22:00:09 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/10 13:58:29 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/10 13:55:06 | 07,174,176 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2009/10/09 20:27:40 | 00,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 5400 Series.LNK
    [2009/10/09 20:23:44 | 00,000,054 | ---- | C] () -- C:\windows\System32\rp_stats.dat
    [2009/10/09 20:23:44 | 00,000,039 | ---- | C] () -- C:\windows\System32\rp_rules.dat
    [2009/10/09 20:20:38 | 00,040,960 | ---- | C] () -- C:\windows\System32\lxctvs.dll
    [2009/10/09 20:20:36 | 00,335,872 | ---- | C] () -- C:\windows\System32\lxctcoin.dll
    [2009/10/09 20:20:23 | 00,692,224 | ---- | C] () -- C:\windows\System32\lxctdrs.dll
    [2009/10/09 20:20:23 | 00,065,536 | ---- | C] () -- C:\windows\System32\lxctcaps.dll
    [2009/10/09 20:20:23 | 00,061,440 | ---- | C] () -- C:\windows\System32\lxctcnv4.dll
    [2009/10/09 20:19:57 | 00,032,768 | ---- | C] () -- C:\windows\System32\LXCTFXPU.DLL
    [2009/10/09 20:19:56 | 00,040,960 | ---- | C] () -- C:\windows\System32\lxctpmon.dll
    [2009/10/09 20:17:28 | 00,274,432 | ---- | C] () -- C:\windows\System32\LXCTinst.dll
    [2009/10/09 20:17:28 | 00,021,291 | ---- | C] () -- C:\windows\System32\LexFiles.ulf
    [2009/10/09 20:17:27 | 00,752,383 | ---- | C] () -- C:\windows\System32\lxcthelp.chm
    [2009/10/09 20:17:27 | 00,204,800 | ---- | C] () -- C:\windows\System32\lxctgrd.dll
    [2009/10/09 20:17:26 | 00,002,180 | ---- | C] () -- C:\windows\System32\lxct.loc
    [2009/10/09 20:09:48 | 60,937,192 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cjb5400EN.exe
    [2009/10/09 16:17:31 | 00,989,967 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\invitation_final.jpg
    [2009/10/09 13:17:07 | 00,001,941 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cake Mania-MainStreet.lnk
    [2009/10/08 17:47:16 | 00,032,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\image.jpg
    [2009/10/08 17:38:05 | 00,027,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sophie.jpg
    [2009/10/06 20:00:13 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WinZip.lnk
    [2009/10/06 20:00:13 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2009/10/06 20:00:12 | 00,002,627 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WordPerfect X4.lnk
    [2009/04/19 0903 | 00,000,121 | ---- | C] () -- C:\windows\bdagent.INI
    [2009/03/31 20:41:31 | 00,003,840 | ---- | C] () -- C:\windows\System32\drivers\BANTExt.sys
    [2008/08/06 15:39:40 | 00,000,176 | ---- | C] () -- C:\windows\LEXSTAT.INI
    [2008/04/09 15:11:13 | 02,111,692 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2008/04/04 13:23:08 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2007/12/22 22:47:28 | 00,000,069 | ---- | C] () -- C:\windows\cdplayer.ini
    [2007/09/06 2344 | 00,024,360 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    [2007/07/06 23:43:38 | 00,000,105 | ---- | C] () -- C:\windows\iPlayer.INI
    [2007/06/23 18:37:39 | 00,001,519 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\error.log
    [2007/06/23 18:37:39 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\config.tcf
    [2007/06/21 14:37:08 | 00,003,289 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\com.kennettnet.MusicRescue.plist
    [2007/06/21 14:37:07 | 00,035,550 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\com.kennettnet.MusicRescueProfiles.plist
    [2007/04/25 15:18:24 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/03/12 17:10:42 | 00,000,884 | ---- | C] () -- C:\windows\shlfolder.sys
    [2007/01/08 22:42:42 | 00,093,696 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/12/29 16:40:25 | 00,000,141 | ---- | C] () -- C:\windows\disney.ini
    [2006/12/28 22:36:12 | 00,000,179 | ---- | C] () -- C:\windows\disneysy.ini
    [2006/12/27 13:45:05 | 00,034,160 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2006/12/12 14:00:26 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
    [2006/12/12 13:54:42 | 00,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
    [2006/12/02 07:54:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
    [2006/12/02 07:54:37 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2006/12/02 07:52:12 | 00,006,528 | ---- | C] () -- C:\windows\System32\drivers\Tbiosdrv.sys
    [2006/09/04 21:07:21 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
    [2006/01/30 03:45:42 | 00,000,000 | ---- | C] () -- C:\windows\System32\px.ini
    [2006/01/29 23:10:08 | 00,118,784 | ---- | C] () -- C:\windows\System32\TCtrlIO.dll
    [2006/01/29 22:32:20 | 00,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
    [2006/01/29 22:29:57 | 00,036,736 | ---- | C] () -- C:\windows\System32\drivers\CSIIDecoder_kern_i386.sys
    [2006/01/29 22:29:57 | 00,029,184 | ---- | C] () -- C:\windows\System32\drivers\TSXT_kern_i386.sys
    [2006/01/29 22:29:07 | 00,000,879 | ---- | C] () -- C:\windows\wininit.ini
    [2006/01/29 22:28:01 | 00,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
    [2006/01/29 22:28:01 | 00,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
    [2006/01/29 22:28:01 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
    [2006/01/29 22:28:01 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
    [2006/01/29 22:28:01 | 00,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
    [2006/01/29 22:28:01 | 00,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
    [2006/01/29 22:23:08 | 00,128,113 | ---- | C] () -- C:\windows\System32\csellang.ini
    [2006/01/29 22:23:08 | 00,045,056 | ---- | C] () -- C:\windows\System32\csellang.dll
    [2006/01/29 22:23:08 | 00,010,165 | ---- | C] () -- C:\windows\System32\tosmreg.ini
    [2006/01/29 22:23:08 | 00,007,671 | ---- | C] () -- C:\windows\System32\cseltbl.ini
    [2006/01/29 22:22:21 | 00,135,168 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
    [2006/01/29 21:12:43 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2006/01/29 20:45:55 | 00,000,791 | ---- | C] () -- C:\windows\orun32.ini
    [2006/01/29 19:25:21 | 00,002,392 | ---- | C] () -- C:\windows\System32\oeminfo.ini
    [2006/01/29 19:24:48 | 00,000,730 | ---- | C] () -- C:\windows\win.ini
    [2006/01/29 19:24:44 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
    [2005/09/02 20:14:00 | 00,110,592 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll
    [2005/08/31 11:43:32 | 00,098,304 | ---- | C] () -- C:\windows\System32\resourceGeneric.dll
    [2005/08/05 19:31:54 | 00,235,008 | ---- | C] () -- C:\windows\System32\psisdecd.dll
    [2005/07/23 03:00:00 | 00,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll
    [2004/07/20 22:34:00 | 00,094,208 | ---- | C] () -- C:\windows\System32\TosBtHcrpAPI.dll
    [2004/01/15 20:13:00 | 00,114,688 | ---- | C] () -- C:\windows\System32\TBTMonUI.dll
    [2002/10/14 15:39:18 | 00,000,184 | ---- | C] () -- C:\windows\System32\lxbbcoin.ini
    [1996/04/03 17:03:26 | 00,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

    ========== LOP Check ==========

    [2009/10/12 22:38:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/01/30 14:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2009/05/13 15:10:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2009/10/11 14:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
    [2009/05/24 09:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
    [2008/04/07 14:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
    [2007/08/28 17:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    [2009/02/25 15:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
    [2009/09/11 13:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2007/08/03 20:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009/10/09 13:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2006/01/29 20:48:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
    [2008/05/19 15:43:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
    [2009/08/16 13:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/12/29 21:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
    [2009/05/15 13:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/09/04 21:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    [2009/10/11 08:28:28 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
    [2009/10/09 20:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\5400 Series
    [2009/03/18 16:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games
    [2009/09/04 22:06:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CameraWindowDC
    [2009/09/04 21:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CANON INC
    [2007/12/27 00:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
    [2009/08/26 12:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Corel
    [2008/05/07 23:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
    [2009/09/11 13:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
    [2007/06/29 20:08:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
    [2008/01/21 16:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
    [2009/01/21 18:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GarageGames
    [2009/08/11 1457 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GraveyardShift
    [2006/12/02 07:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intel
    [2009/03/22 19:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2007/09/24 19:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
    [2006/12/29 16:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2008/04/07 14:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
    [2007/03/27 14:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MysteryStudio
    [2009/02/25 15:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Games
    [2007/05/27 12:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ohana Games
    [2008/07/23 14:16:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
    [2009/09/11 13:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
    [2007/06/22 23:53:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sandlot Games
    [2008/04/04 18:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
    [2009/03/24 16:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
    [2007/04/07 20:31:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
    [2009/09/12 14:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2009/10/09 13:15:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2009/09/06 10:12:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
    [2009/10/11 14:42:19 | 00,000,472 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Update (Weekly).job
    [2009/10/08 15:39:02 | 00,000,284 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job
    [2004/08/10 09:30:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
    [2009/10/14 16:26:00 | 00,000,882 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2009/10/14 22:26:00 | 00,000,886 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2009/10/14 15:28:07 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT
    [2009/12/26 00:00:18 | 00,000,422 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{F2F48E37-C797-4BDA-BAF9-90273EB4E597}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\system32\eventlog.dll >
    [2004/08/10 09:30:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\eventlog.dll
    [7 C:\windows\system32\*.tmp files]

    < %systemroot%\system32\scecli.dll >
    [2004/08/10 09:30:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\scecli.dll
    [7 C:\windows\system32\*.tmp files]

    < %systemroot%\netlogon.dll >

    < %systemroot%\system32\cngaudit.dll >

    < %systemroot%\system32\sceclt.dll >

    < %systemroot%\ntelogon.dll >

    < %systemroot%\system32\logevent.dll >

    ========== Alternate Data Streams ==========

    < End of report >

  8. #38
    broni is offline Senior Member
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      SRV - [2009/04/02 12:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Stopped])
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O18 - Protocol\Handler\ipp - No CLSID value found
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O20 - Winlogon\Notify\avldr: DllName - avldr.dll - File not found
      O33 - MountPoints2\{fdb21ab8-cdb7-11dd-a9c2-0018de2da0a1}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
      O34 - HKLM BootExecute: (C:\WINDOWS\system32\avldr.dll) - C:\windows\System32\avldr.dll File not found
      O34 - HKLM BootExecute: (C:\PROGRA~1\INSTAL~1\{EEBA9~1\SMCL\PAVSMCL.DLL) - C:\PROGRA~1\INSTAL~1\{EEBA9~1\SMCL\PAVSMCL.DLL File not found
      [2009/10/13 18:43:09 | 03,337,810 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\c7y45rg6.exe
      [2009/10/11 08:46:21 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rw1bq3y9.exe
      [2009/10/09 20:13:08 | 60,937,192 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cjb5400EN.exe
      [2009/10/11 16:20:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
      [2009/10/11 16:20:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
      [2009/10/11 16:20:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
      [2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\windows\PEV.exe
      [2009/10/11 16:20:34 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
      [2009/10/11 16:20:34 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
      [2009/10/11 16:20:34 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
      [2009/10/09 20:09:48 | 60,937,192 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cjb5400EN.exe
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  9. #39
    lurla is offline Valued Member
    ok i did that. It asked to run OTL again on reboot and posted a log.. not sure if that's the log you're looking for? but i'll post that and then hit quick scan again and post that log too in case that's the one you want.

    just an update.. the computer is still running in the 90's.. and that's just after start up! i'm not doing a thing. so frustrating.

    All processes killed
    ========== OTL ==========
    Process explorer.exe killed successfully!
    Service\Driver ASKUpgrade stopped successfully.
    Service\Driver ASKUpgrade deleted successfully.
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe moved successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    C:\Program Files\AskBarDis\bar\bin\askBar.dll unregistered successfully.
    C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
    File Protocol\Handler\ipp - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdb21ab8-cdb7-11dd-a9c2-0018de2da0a1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdb21ab8-cdb7-11dd-a9c2-0018de2da0a1}\ not found.
    File E:\DPFMate.exe not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\WINDOWS\system32\avldr.dll deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\INSTAL~1\{EEBA9~1\SMCL\PAVSMCL.DLL deleted successfully.
    C:\Documents and Settings\Owner\Desktop\c7y45rg6.exe moved successfully.
    C:\Documents and Settings\Owner\Desktop\rw1bq3y9.exe moved successfully.
    C:\Documents and Settings\Owner\Desktop\cjb5400EN.exe moved successfully.
    C:\windows\SWXCACLS.exe moved successfully.
    C:\windows\SWREG.exe moved successfully.
    C:\windows\SWSC.exe moved successfully.
    C:\windows\PEV.exe moved successfully.
    C:\windows\sed.exe moved successfully.
    C:\windows\grep.exe moved successfully.
    C:\windows\zip.exe moved successfully.
    File C:\Documents and Settings\Owner\Desktop\cjb5400EN.exe not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 602 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 602 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 36963424 bytes
    File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 21986482 bytes
    ->Java cache emptied: 1255310 bytes
    ->FireFox cache emptied: 87499104 bytes
    ->Opera cache emptied: 4098036 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\windows\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 6332433 bytes
    File delete failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\Perflib_Perfdata_484.dat scheduled to be deleted on reboot.
    File delete failed. C:\windows\temp\Perflib_Perfdata_cc.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 548293 bytes
    RecycleBin emptied: 33475453 bytes

    Total Files Cleaned = 183.45 mb

    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.0.21.0 log created on 10152009_224022

    Files\Folders moved on Reboot...
    File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\windows\temp\Perflib_Perfdata_484.dat not found!
    File\Folder C:\windows\temp\Perflib_Perfdata_cc.dat not found!

    Registry entries deleted on Reboot...




    OTL logfile created on: 10/15/2009 10:50:27 PM - Run 2
    OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.33% Memory free
    3.84 Gb Paging File | 3.15 Gb Available in Paging File | 81.98% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 27.96 Gb Free Space | 25.01% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SHYLA
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/10/14 23:02:24 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2009/09/23 15:16:24 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2009/09/23 15:16:23 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2009/09/15 11:42:42 | 01,998,576 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/08/17 13:37:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/08/17 13:37:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/08/17 13:37:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/08/17 13:34:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/08/17 13:28:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/05/14 22:52:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/04/24 02:08:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/02/06 07:11:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\wmiprvse.exe
    PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    PRC - [2008/01/08 22:03:42 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2007/06/13 07:53:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
    PRC - [2007/02/26 13:53:26 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2007/01/11 13:57:22 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    PRC - [2006/08/25 19:17:12 | 00,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    PRC - [2006/08/02 06:09:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2006/08/02 06:08:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    PRC - [2006/08/02 06:02:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    PRC - [2006/08/02 06:01:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2006/08/02 05:57:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2006/08/02 05:54:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( ) -- C:\windows\System32\lxctcoms.exe
    PRC - [2006/06/07 02:05:20 | 00,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe
    PRC - [2006/05/19 16:43:38 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    PRC - [2006/05/04 20:29:16 | 16,206,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\RTHDCPL.EXE
    PRC - [2006/04/10 02:54:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehRecvr.exe
    PRC - [2006/03/23 01:47:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\windows\System32\igfxpers.exe
    PRC - [2006/03/23 01:43:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\windows\System32\hkcmd.exe
    PRC - [2006/03/16 18:28:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2006/03/02 05:32:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PRC - [2006/03/02 05:20:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
    PRC - [2006/02/07 22:00:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2006/02/02 17:41:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
    PRC - [2005/12/12 21:20:02 | 00,088,204 | ---- | M] (Agere Systems) -- C:\windows\AGRSMMSG.exe
    PRC - [2005/08/16 16:53:12 | 00,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    PRC - [2005/08/05 19:26:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
    PRC - [2005/08/05 19:26:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehSched.exe
    PRC - [2005/08/05 19:26:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehmsas.exe
    PRC - [2005/08/05 18:57:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
    PRC - [2005/06/01 02:29:58 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\windows\System32\TPSBattM.exe
    PRC - [2005/04/26 21:43:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 21:08:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 06:02:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    PRC - [2004/10/13 13:54:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    PRC - [2004/08/27 14:07:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\windows\System32\RAMASST.exe
    PRC - [2004/08/27 14:03:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\windows\System32\DVDRAMSV.exe
    PRC - [2004/08/17 17:07:44 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
    PRC - [2004/08/10 09:30:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\taskmgr.exe
    PRC - [2004/08/10 09:30:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\notepad.exe
    PRC - [2004/08/10 09:30:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\unsecapp.exe
    PRC - [2002/10/14 15:03:18 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXBCES.EXE
    PRC - [2002/10/14 15:00:42 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXPPS.EXE

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/09/23 15:16:23 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
    SRV - [2009/08/17 13:37:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
    SRV - [2009/08/17 13:37:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
    SRV - [2009/08/17 13:34:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
    SRV - [2009/08/17 13:28:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
    SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
    SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
    SRV - [2009/05/14 22:52:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
    SRV - [2009/04/22 14:58:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c36fc5f289c4 [Auto | Stopped])
    SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
    SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
    SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
    SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
    SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
    SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
    SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
    SRV - [2006/08/02 06:09:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
    SRV - [2006/08/02 06:01:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
    SRV - [2006/08/02 05:54:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
    SRV - [2006/07/13 16:27:16 | 00,528,384 | ---- | M] ( ) -- C:\windows\System32\lxctcoms.exe -- (lxct_device [Auto | Running])
    SRV - [2006/04/10 02:54:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
    SRV - [2006/02/07 22:00:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
    SRV - [2005/08/05 19:26:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\eHome\ehSched.exe -- (ehSched [Auto | Running])
    SRV - [2005/08/05 18:57:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
    SRV - [2005/01/17 21:08:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
    SRV - [2004/10/22 08:54:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
    SRV - [2004/08/27 14:03:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\windows\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
    SRV - [2004/08/10 09:41:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mhn.dll -- (MHN [On_Demand | Stopped])
    SRV - [2004/08/10 09:30:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
    SRV - [2003/07/28 17:58:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    SRV - [2002/10/14 15:03:18 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to Facebook | Facebook
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Canada - The all-new MSN Canada, home of world-class services such as Hotmail, Windows Live Messenger, and News, Sports, Financial and Entertainment services
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 18 76 24 31 37 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ca"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.0.0
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/14 22:52:23 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 03:00:33 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/05/18 16:06:48 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/22 00:19:46 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension

    [2009/05/18 16:06:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
    [2009/05/18 16:06:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/09/15 16:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\he9t6fnd.default\extensions
    [2009/06/29 16:25:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\he9t6fnd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/05/18 16:20:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\he9t6fnd.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2009/05/18 16:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\he9t6fnd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/09/15 09:42:27 | 00,002,163 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\he9t6fnd.default\searchplugins\bing.xml
    [2009/05/18 16:06:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/05/18 16:06:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/04/24 02:08:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/04/24 02:08:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/04/24 02:08:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2009/04/23 22:09:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/04/23 22:09:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/04/23 22:09:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/04/23 22:09:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/04/23 22:09:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/04/23 22:09:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/04/23 22:09:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (56 bytes) - C:\windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\windows\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AGRSMMSG] C:\windows\AGRSMMSG.exe (Agere Systems)
    O4 - HKLM..\Run: [Alcmtr] C:\windows\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe File not found
    O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
    O4 - HKLM..\Run: [CFSServ.exe] File not found
    O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [igfxhkcmd] C:\windows\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxpers] C:\windows\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxtray] C:\windows\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.EXE (Logitech, Inc.)
    O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [LXCTCATS] C:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
    O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [RTHDCPL] C:\windows\RTHDCPL.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\windows\System32\RAMASST.exe (Matsu****a Electric Industrial Co., Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://shylap.spaces.live.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase5483.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/...toUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/bingame/dsh2/def...2.1.0.0.68.cab (CPlayFirstDinerDash2Control Object)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1189267585953 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/def...sPlayer_v6.cab (GoBit Games Player)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} Big Fish Games | A New Free Game Download Every Day (SproutLauncherCtrl Class)
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/ct.cab (TikGames Online Control)
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/def...h.1.0.0.94.cab (CPlayFirstDinerDashControl Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab? (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.96 24.222.0.97
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O34 - HKLM BootExecute: (pgunnt) - File not found
    O34 - HKLM BootExecute: (pgunnt) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 14 Days ==========

    [2009/10/12 22:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2009/10/11 14:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
    [2009/10/10 22:00:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/10/10 13:58:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/10/09 20:24:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\5400 Series
    [2009/10/10 22:00:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2009/10/10 13:58:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2009/10/10 13:57:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/10/09 20:17:40 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 5400 Series
    [2009/10/09 20:19:04 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
    [2009/10/09 20:24:12 | 00,000,000 | ---D | C] -- C:\Program Files\Lx_cats
    [2009/10/10 22:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/10/09 13:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\Sandlot Games
    [2009/10/10 13:58:24 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/12/26 01:35:10 | 00,000,000 | ---D | C] -- C:\games
    [2009/10/15 22:40:22 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/10/14 23:02:23 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2009/10/13 20:52:03 | 00,000,000 | --SD | C] -- C:\c7y45rg6
    [2009/10/12 15:17:23 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/10/11 16:20:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2009/10/11 16:20:26 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
    [2009/10/11 15:04:00 | 00,000,000 | -HSD | C] -- C:\Config.Msi
    [2009/10/10 22:00:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2009/10/10 22:00:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2009/10/10 21:58:20 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
    [2009/10/09 20:19:36 | 00,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IMGMAN32.DLL
    [2009/10/09 20:19:36 | 00,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IMHOST32.DLL
    [2009/10/09 20:19:36 | 00,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IM31XPNG.DEL
    [2009/10/09 20:19:36 | 00,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IM31XTIF.DEL
    [2009/10/09 20:19:36 | 00,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\windows\System32\IM31IMG.DIL
    [2009/10/09 20:17:28 | 00,409,600 | ---- | C] ( ) -- C:\windows\System32\lxctinpa.dll
    [2009/10/09 20:17:28 | 00,393,216 | ---- | C] ( ) -- C:\windows\System32\lxctiesc.dll
    [2009/10/09 20:17:27 | 01,187,840 | ---- | C] ( ) -- C:\windows\System32\lxctserv.dll
    [2009/10/09 20:17:27 | 00,983,040 | ---- | C] ( ) -- C:\windows\System32\lxctusb1.dll
    [2009/10/09 20:17:27 | 00,696,320 | ---- | C] ( ) -- C:\windows\System32\lxcthbn3.dll
    [2009/10/09 20:17:27 | 00,643,072 | ---- | C] ( ) -- C:\windows\System32\lxctpmui.dll
    [2009/10/09 20:17:27 | 00,528,384 | ---- | C] ( ) -- C:\windows\System32\lxctlmpm.dll
    [2009/10/09 20:17:27 | 00,380,928 | ---- | C] ( ) -- C:\windows\System32\lxctih.exe
    [2009/10/09 20:17:27 | 00,163,840 | ---- | C] ( ) -- C:\windows\System32\lxctprox.dll
    [2009/10/09 20:17:27 | 00,094,208 | ---- | C] ( ) -- C:\windows\System32\lxctpplc.dll
    [2009/10/09 20:17:26 | 00,667,648 | ---- | C] ( ) -- C:\windows\System32\lxctcomc.dll
    [2009/10/09 20:17:26 | 00,528,384 | ---- | C] ( ) -- C:\windows\System32\lxctcoms.exe
    [2009/10/09 20:17:26 | 00,421,888 | ---- | C] ( ) -- C:\windows\System32\lxctcomm.dll
    [2009/10/09 20:17:26 | 00,376,832 | ---- | C] ( ) -- C:\windows\System32\lxctcfg.exe
    [2009/10/09 20:17:26 | 00,077,824 | ---- | C] (Lexmark International) -- C:\windows\System32\LXCTcfg.dll
    [2009/10/09 20:15:34 | 00,000,000 | ---D | C] -- C:\drivers
    [2009/10/07 10:04:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\docs
    [2009/10/07 10:02:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Cleaners
    [2009/10/07 10:01:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Games
    [2009/10/07 0943 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\pics
    [2006/01/29 23:10:08 | 00,053,248 | ---- | C] ( ) -- C:\windows\System32\DLLVGA.dll

    ========== Files - Modified Within 14 Days ==========

    [11 C:\Documents and Settings\Owner\My Documents\*.tmp files]
    [2009/12/26 00:00:18 | 00,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{F2F48E37-C797-4BDA-BAF9-90273EB4E597}.job
    [2009/10/15 22:42:59 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2009/10/15 22:42:55 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2009/10/15 22:42:49 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
    [2009/10/15 22:42:47 | 21,370,51136 | -HS- | M] () -- C:\hiberfil.sys
    [2009/10/15 22:41:06 | 00,000,056 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
    [2009/10/15 22:26:02 | 00,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2009/10/15 00:08:52 | 00,097,280 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/14 23:02:24 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2009/10/12 17:15:10 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shyla resume - PANDEMIC.doc
    [2009/10/12 16:52:56 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shyla resume 3-H1N1.doc
    [2009/10/12 16:48:28 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shyla resume 3-1.doc
    [2009/10/11 16:14:27 | 00,130,096 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/10/11 16:04:01 | 00,000,526 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ResetTeaTimer.zip
    [2009/10/11 14:42:19 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
    [2009/10/11 14:37:50 | 00,000,054 | ---- | M] () -- C:\windows\System32\rp_stats.dat
    [2009/10/11 14:37:50 | 00,000,039 | ---- | M] () -- C:\windows\System32\rp_rules.dat
    [2009/10/10 22:00:09 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/10 21:59:00 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
    [2009/10/10 13:58:29 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/10 1307 | 07,174,176 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2009/10/09 20:33:35 | 00,002,627 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WordPerfect X4.lnk
    [2009/10/09 20:27:40 | 00,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 5400 Series.LNK
    [2009/10/09 2039 | 02,111,692 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2009/10/09 2005 | 00,021,291 | ---- | M] () -- C:\windows\System32\LexFiles.ulf
    [2009/10/09 16:17:33 | 00,989,967 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\invitation_final.jpg
    [2009/10/09 13:17:07 | 00,001,941 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cake Mania-MainStreet.lnk
    [2009/10/08 17:47:17 | 00,032,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\image.jpg
    [2009/10/08 17:38:06 | 00,027,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sophie.jpg
    [2009/10/08 15:39:02 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
    [2009/10/06 20:14:08 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trillian.lnk
    [2009/10/06 20:00:13 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WinZip.lnk
    [2009/10/06 20:00:13 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk

    ========== Files - No Company Name ==========
    [2009/10/14 15:27:59 | 21,370,51136 | -HS- | C] () -- C:\hiberfil.sys
    [2009/10/12 17:15:10 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shyla resume - PANDEMIC.doc
    [2009/10/12 16:52:56 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shyla resume 3-H1N1.doc
    [2009/10/12 16:48:27 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shyla resume 3-1.doc
    [2009/10/11 16:04:00 | 00,000,526 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ResetTeaTimer.zip
    [2009/10/10 22:00:09 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/10 13:58:29 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/10 13:55:06 | 07,174,176 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
    [2009/10/09 20:27:40 | 00,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lexmark Imaging Studio - 5400 Series.LNK
    [2009/10/09 20:23:44 | 00,000,054 | ---- | C] () -- C:\windows\System32\rp_stats.dat
    [2009/10/09 20:23:44 | 00,000,039 | ---- | C] () -- C:\windows\System32\rp_rules.dat
    [2009/10/09 20:20:38 | 00,040,960 | ---- | C] () -- C:\windows\System32\lxctvs.dll
    [2009/10/09 20:20:36 | 00,335,872 | ---- | C] () -- C:\windows\System32\lxctcoin.dll
    [2009/10/09 20:20:23 | 00,692,224 | ---- | C] () -- C:\windows\System32\lxctdrs.dll
    [2009/10/09 20:20:23 | 00,065,536 | ---- | C] () -- C:\windows\System32\lxctcaps.dll
    [2009/10/09 20:20:23 | 00,061,440 | ---- | C] () -- C:\windows\System32\lxctcnv4.dll
    [2009/10/09 20:19:57 | 00,032,768 | ---- | C] () -- C:\windows\System32\LXCTFXPU.DLL
    [2009/10/09 20:19:56 | 00,040,960 | ---- | C] () -- C:\windows\System32\lxctpmon.dll
    [2009/10/09 20:17:28 | 00,274,432 | ---- | C] () -- C:\windows\System32\LXCTinst.dll
    [2009/10/09 20:17:28 | 00,021,291 | ---- | C] () -- C:\windows\System32\LexFiles.ulf
    [2009/10/09 20:17:27 | 00,752,383 | ---- | C] () -- C:\windows\System32\lxcthelp.chm
    [2009/10/09 20:17:27 | 00,204,800 | ---- | C] () -- C:\windows\System32\lxctgrd.dll
    [2009/10/09 20:17:26 | 00,002,180 | ---- | C] () -- C:\windows\System32\lxct.loc
    [2009/10/09 16:17:31 | 00,989,967 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\invitation_final.jpg
    [2009/10/09 13:17:07 | 00,001,941 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cake Mania-MainStreet.lnk
    [2009/10/08 17:47:16 | 00,032,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\image.jpg
    [2009/10/08 17:38:05 | 00,027,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sophie.jpg
    [2009/10/06 20:00:13 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WinZip.lnk
    [2009/10/06 20:00:13 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2009/10/06 20:00:12 | 00,002,627 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WordPerfect X4.lnk
    [2009/04/19 0903 | 00,000,121 | ---- | C] () -- C:\windows\bdagent.INI
    [2009/03/31 20:41:31 | 00,003,840 | ---- | C] () -- C:\windows\System32\drivers\BANTExt.sys
    [2008/08/06 15:39:40 | 00,000,176 | ---- | C] () -- C:\windows\LEXSTAT.INI
    [2008/04/09 15:11:13 | 02,111,692 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2008/04/04 13:23:08 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2007/12/22 22:47:28 | 00,000,069 | ---- | C] () -- C:\windows\cdplayer.ini
    [2007/09/06 2344 | 00,024,360 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    [2007/07/06 23:43:38 | 00,000,105 | ---- | C] () -- C:\windows\iPlayer.INI
    [2007/06/23 18:37:39 | 00,001,519 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\error.log
    [2007/06/23 18:37:39 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\config.tcf
    [2007/06/21 14:37:08 | 00,003,289 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\com.kennettnet.MusicRescue.plist
    [2007/06/21 14:37:07 | 00,035,550 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\com.kennettnet.MusicRescueProfiles.plist
    [2007/04/25 15:18:24 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/03/12 17:10:42 | 00,000,884 | ---- | C] () -- C:\windows\shlfolder.sys
    [2007/01/08 22:42:42 | 00,097,280 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/12/29 16:40:25 | 00,000,141 | ---- | C] () -- C:\windows\disney.ini
    [2006/12/28 22:36:12 | 00,000,179 | ---- | C] () -- C:\windows\disneysy.ini
    [2006/12/27 13:45:05 | 00,034,160 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2006/12/12 14:00:26 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
    [2006/12/12 13:54:42 | 00,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
    [2006/12/02 07:54:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
    [2006/12/02 07:54:37 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2006/12/02 07:52:12 | 00,006,528 | ---- | C] () -- C:\windows\System32\drivers\Tbiosdrv.sys
    [2006/09/04 21:07:21 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
    [2006/01/30 03:45:42 | 00,000,000 | ---- | C] () -- C:\windows\System32\px.ini
    [2006/01/29 23:10:08 | 00,118,784 | ---- | C] () -- C:\windows\System32\TCtrlIO.dll
    [2006/01/29 22:32:20 | 00,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
    [2006/01/29 22:29:57 | 00,036,736 | ---- | C] () -- C:\windows\System32\drivers\CSIIDecoder_kern_i386.sys
    [2006/01/29 22:29:57 | 00,029,184 | ---- | C] () -- C:\windows\System32\drivers\TSXT_kern_i386.sys
    [2006/01/29 22:29:07 | 00,000,879 | ---- | C] () -- C:\windows\wininit.ini
    [2006/01/29 22:28:01 | 00,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
    [2006/01/29 22:28:01 | 00,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
    [2006/01/29 22:28:01 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
    [2006/01/29 22:28:01 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
    [2006/01/29 22:28:01 | 00,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
    [2006/01/29 22:28:01 | 00,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
    [2006/01/29 22:23:08 | 00,128,113 | ---- | C] () -- C:\windows\System32\csellang.ini
    [2006/01/29 22:23:08 | 00,045,056 | ---- | C] () -- C:\windows\System32\csellang.dll
    [2006/01/29 22:23:08 | 00,010,165 | ---- | C] () -- C:\windows\System32\tosmreg.ini
    [2006/01/29 22:23:08 | 00,007,671 | ---- | C] () -- C:\windows\System32\cseltbl.ini
    [2006/01/29 22:22:21 | 00,135,168 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
    [2006/01/29 21:12:43 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2006/01/29 20:45:55 | 00,000,791 | ---- | C] () -- C:\windows\orun32.ini
    [2006/01/29 19:25:21 | 00,002,392 | ---- | C] () -- C:\windows\System32\oeminfo.ini
    [2006/01/29 19:24:48 | 00,000,730 | ---- | C] () -- C:\windows\win.ini
    [2006/01/29 19:24:44 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
    [2005/09/02 20:14:00 | 00,110,592 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll
    [2005/08/31 11:43:32 | 00,098,304 | ---- | C] () -- C:\windows\System32\resourceGeneric.dll
    [2005/08/05 19:31:54 | 00,235,008 | ---- | C] () -- C:\windows\System32\psisdecd.dll
    [2005/07/23 03:00:00 | 00,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll
    [2004/07/20 22:34:00 | 00,094,208 | ---- | C] () -- C:\windows\System32\TosBtHcrpAPI.dll
    [2004/01/15 20:13:00 | 00,114,688 | ---- | C] () -- C:\windows\System32\TBTMonUI.dll
    [2002/10/14 15:39:18 | 00,000,184 | ---- | C] () -- C:\windows\System32\lxbbcoin.ini
    [1996/04/03 17:03:26 | 00,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

    ========== LOP Check ==========

    [2009/10/12 22:38:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/01/30 14:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2009/05/13 15:10:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    [2009/10/11 14:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
    [2009/05/24 09:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
    [2008/04/07 14:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
    [2007/08/28 17:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    [2009/02/25 15:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
    [2009/09/11 13:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2007/08/03 20:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009/10/09 13:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2006/01/29 20:48:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
    [2008/05/19 15:43:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
    [2009/08/16 13:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/12/29 21:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
    [2009/05/15 13:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/09/04 21:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    [2009/10/11 08:28:28 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
    [2009/10/09 20:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\5400 Series
    [2009/03/18 16:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games
    [2009/09/04 22:06:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CameraWindowDC
    [2009/09/04 21:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CANON INC
    [2007/12/27 00:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
    [2009/08/26 12:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Corel
    [2008/05/07 23:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
    [2009/09/11 13:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
    [2007/06/29 20:08:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
    [2008/01/21 16:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
    [2009/01/21 18:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GarageGames
    [2009/08/11 1457 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GraveyardShift
    [2006/12/02 07:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intel
    [2009/03/22 19:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2007/09/24 19:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
    [2006/12/29 16:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2008/04/07 14:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
    [2007/03/27 14:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MysteryStudio
    [2009/02/25 15:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Games
    [2007/05/27 12:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ohana Games
    [2008/07/23 14:16:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
    [2009/09/11 13:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
    [2007/06/22 23:53:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sandlot Games
    [2008/04/04 18:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
    [2009/03/24 16:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
    [2007/04/07 20:31:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
    [2009/09/12 14:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2009/10/09 13:15:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2009/09/06 10:12:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
    [2009/10/11 14:42:19 | 00,000,472 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Update (Weekly).job
    [2009/10/08 15:39:02 | 00,000,284 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job
    [2004/08/10 09:30:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
    [2009/10/15 22:42:59 | 00,000,882 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2009/10/15 22:26:02 | 00,000,886 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2009/10/15 22:42:55 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT
    [2009/12/26 00:00:18 | 00,000,422 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{F2F48E37-C797-4BDA-BAF9-90273EB4E597}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:598E8EA1
    @Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00811B66
    @Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87FA5E8A
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE3A2438
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED45A20F
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP8134D8F
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:741CA49D
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3857ABB7
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFCCC46E
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A93447
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83EC3BCE
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:269C0B5C
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPD874E14
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP48500F8
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP2A5A561
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E903DEB
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85B76BC6
    < End of report >

  10. #40
    broni is offline Senior Member
    Let's try Combofix again......

    Please download ComboFix from Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
