need help with possible virus [Solved]



#1
caras

  • Member
  • 36 posts
I've been having problems with certain things running on the internet the last few days. I thought maybe it was just a java or IE problem, but it's not.
Here's a link to where I posted before describing the problems and what has been tried to fix it.
http://www.geekstogo...26#entry1686326

I then came here and went through the cleaning guide. I'll post the logs for Malwarebytes' Anti-Malware and from Rootkit Detection at the end of this post. I tried to dl OTL but my internet security recommends not allowing it. (I use Kaspersky)

Okay, I tried to post the logs. I saved them, but now when I search for them on my computer they're not there.

I ran the Malware one again, and there were 8 more items detected. Here's the log from running it this time: (I clicked on logs afterwards and it only shows this one, not my first one)

Malwarebytes' Anti-Malware 1.41
Database version: 3189
Windows 6.0.6002 Service Pack 2

17/11/2009 4:02:29 PM
mbam-log-2009-11-17 (16-02-29).txt

Scan type: Quick Scan
Objects scanned: 100025
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






I ran the RootRepeal again. I don't think it completely finishes when I run it though; it pops up and says: Could not read system registry. Contact the author.
But here's the scan from when I just ran it again now:


Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x92200000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8F9B6000 Size: 118784 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x84000000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spfa.sys
Image Path: C:\Windows\System32\Drivers\spfa.sys
Address: 0x84A0F000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1336 Status: Locked to the Windows API!

==EOF==

Edited by caras, 17 November 2009 - 03:08 PM.

#2
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi caras

Welcome to Geekstogo. I'm Azarl and I'll be helping you. I'm going through your logs now; please be patient as this may take a while.


  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

#3
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi caras

It is important that you run OTL; it is very difficult to ascertain if you have any issues without doing so.

OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

  • Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\helpsvc.exe /s /md5
    %SYSTEMDRIVE%\dumprep.exe /s /md5
    %SYSTEMDRIVE%\svchost.exe /s /md5
    %systemroot%\system32\*.sys /s /md5

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

#4
caras

  • Topic Starter
  • Member
  • 36 posts
OTL.Txt log:

OTL logfile created on: 23/11/2009 10:20:09 AM - Run 1
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Users\Cara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 56.39% Memory free
3.74 Gb Paging File | 2.61 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 55.73 Gb Free Space | 38.62% Space Free | Partition Type: NTFS
Drive D: | 144.03 Gb Total Space | 55.85 Gb Free Space | 38.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/23 10:18:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
PRC - [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/25 13:19:10 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/07/25 13:19:10 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/04/11 01:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
PRC - [2008/10/16 19:11:26 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 19:11:26 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 18:23:30 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 18:15:38 | 00,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/10/16 17:26:40 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/06/20 00:04:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/03/27 10:13:18 | 00,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/03/27 10:13:11 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe
PRC - [2008/02/27 18:07:26 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
PRC - [2008/02/27 18:07:14 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
PRC - [2008/01/19 02:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 02:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/19 02:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 02:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/25 08:38:20 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/02/20 04:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/02/15 04:07:16 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/07 02:04:26 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/31 17:18:42 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/01/24 12:27:50 | 00,319,488 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2006/12/29 19:51:56 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2002/02/14 09:48:06 | 00,299,008 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE
PRC - [2002/01/24 08:09:56 | 00,174,592 | ---- | M] () -- C:\Windows\System32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/23 10:18:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll
MOD - [2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll
MOD - [2008/07/29 20:21:40 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
MOD - [2008/07/29 20:20:58 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/22 00:38:19 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/25 13:19:10 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/10/16 18:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/10/16 18:23:30 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/20 00:04:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/02/27 18:07:26 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 18:07:14 | 00,098,984 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/26 21:32:55 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/12 17:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/25 08:38:38 | 00,099,248 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV - [2007/05/25 08:38:20 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2007/02/07 02:04:26 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 17:18:42 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/29 19:51:56 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/12/14 19:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/02/14 09:48:06 | 00,299,008 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://ca.rd.yahoo.c...://ca.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 07:23:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/28 18:43:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/21 19:25:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 21:56:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/02/21 14:30:23 | 00,000,000 | ---D | M]

[2008/11/26 11:03:50 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\i42jgk9e.default\extensions
[2008/11/26 11:03:51 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\i42jgk9e.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/11/15 20:49:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/21 19:25:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/04 19:36:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/18 17:03:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/26 00:03:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/02/21 20:06:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/21 19:07:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/12 00:59:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/14 12:08:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/02/21 19:25:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/02/21 19:25:34 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/02/21 19:25:34 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/02/21 19:25:34 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/02/21 19:25:35 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/02/21 19:25:35 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008/11/11 02:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/21 19:25:38 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/02/21 17:31:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/02/21 17:31:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/02/21 19:25:40 | 00,001,514 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/02/21 19:25:40 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/02/21 19:25:40 | 00,001,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/02/21 19:25:40 | 00,001,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/02/21 19:25:40 | 00,002,351 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/02/21 19:25:40 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....NPUplden-ca.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://evansmommy.sp...nPUplden-ca.cab (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...o.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell - "" = AutoRun
O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\directx\command - "" = J:\DirectX\dxsetup.exe -- File not found
O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\setup\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\{7b97d931-e7c7-11dd-b910-001921efbc04}\Shell - "" = AutoRun
O33 - MountPoints2\{7b97d931-e7c7-11dd-b910-001921efbc04}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9ca833bb-e395-11dd-8c2a-001921efbc04}\Shell - "" = AutoRun
O33 - MountPoints2\{9ca833bb-e395-11dd-8c2a-001921efbc04}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/08/25 10:03:02 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/11/17 15:16:35 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2009/11/17 15:16:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/17 15:16:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/17 15:16:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/17 15:16:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/17 15:05:45 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/17 15:05:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/17 08:19:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/13 19:48:58 | 00,000,000 | ---D | C] -- C:\Users\Chris\Tracing
[2009/11/10 05:35:38 | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/10 05:35:38 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/10 05:35:38 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/01/06 11:35:04 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2009/01/06 11:35:03 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
[2009/01/06 11:35:03 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
[2009/01/06 11:35:02 | 01,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
[2009/01/06 11:35:02 | 00,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
[2009/01/06 11:35:01 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
[2009/01/06 11:35:01 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
[2009/01/06 11:35:01 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
[2009/01/06 11:34:59 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
[2009/01/06 11:34:57 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
[2009/01/06 11:34:57 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
[2008/03/10 10:00:50 | 00,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdcusb1.dll
[2008/03/10 10:00:50 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdcinpa.dll
[2008/03/10 10:00:50 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdciesc.dll
[2008/03/10 10:00:50 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDChcp.dll
[2008/03/10 10:00:49 | 01,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdcserv.dll
[2008/03/10 10:00:49 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdcpmui.dll
[2008/03/10 10:00:49 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdclmpm.dll
[2008/03/10 10:00:49 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdcprox.dll
[2008/03/10 10:00:49 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdcpplc.dll
[2008/03/10 10:00:48 | 00,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdchbn3.dll
[2008/03/10 10:00:48 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdccomc.dll
[2008/03/10 10:00:48 | 00,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdccomm.dll
[2007/04/30 17:18:22 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/23 10:20:32 | 05,505,024 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2009/11/23 10:18:34 | 00,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{cf6fe502-28d0-11dd-9bea-001921efbc04}.TMContainer00000000000000000001.regtrans-ms
[2009/11/23 10:18:34 | 00,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{cf6fe502-28d0-11dd-9bea-001921efbc04}.TM.blf
[2009/11/23 09:17:53 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/23 09:17:53 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/23 07:22:28 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/23 07:22:28 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/23 07:22:28 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/23 07:17:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/23 07:17:50 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2009/11/23 07:17:47 | 18,785,81248 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/22 23:00:13 | 07,626,784 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/11/22 23:00:13 | 01,327,136 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009/11/22 23:00:13 | 00,061,712 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/11/22 23:00:13 | 00,006,664 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2009/11/22 22:55:45 | 03,417,410 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2009/11/22 21:26:02 | 00,065,536 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 15:16:31 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/17 15:05:20 | 00,000,737 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2009/11/17 15:05:20 | 00,000,718 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2009/11/17 08:19:06 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/16 12:33:05 | 06,845,677 | ---- | M] () -- C:\Users\Chris\Documents\AutoRuns.arn
[2009/11/16 09:56:02 | 00,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2009/11/12 08:23:55 | 01,606,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/17 15:16:31 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/17 15:05:20 | 00,000,737 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2009/11/17 15:05:20 | 00,000,718 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2009/11/17 08:19:06 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/16 12:33:04 | 06,845,677 | ---- | C] () -- C:\Users\Chris\Documents\AutoRuns.arn
[2009/10/27 17:28:02 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/20 17:52:55 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 17:52:25 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/10/11 10:22:11 | 00,064,060 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\EVAN LITTLE BIT BIG.csa
[2009/10/11 09:52:35 | 00,060,800 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\EVAN MEDIUM.csa
[2009/10/11 09:33:33 | 00,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\badclose.bin
[2009/09/28 18:37:24 | 00,001,120 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/13 15:47:41 | 00,062,324 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan small 1.csa
[2009/08/13 15:45:29 | 00,062,324 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\e.csa
[2009/08/13 15:26:51 | 00,065,334 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan medium 2.csa
[2009/08/13 15:05:09 | 00,065,258 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan big 2.csa
[2009/08/12 19:16:40 | 00,062,778 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan medium 1.csa
[2009/08/12 18:57:53 | 00,062,778 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan mediqm 1.csa
[2009/07/26 19:45:31 | 00,059,776 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/04/15 16:06:11 | 00,064,990 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\big1.csa
[2009/02/21 14:13:10 | 00,009,085 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/02/04 23:32:05 | 00,000,160 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\default.rss
[2009/01/25 22:00:13 | 00,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/01/22 14:37:11 | 00,060,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\medium2.csa
[2009/01/06 11:42:01 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
[2009/01/06 11:38:18 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/01/06 11:38:18 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/01/06 11:37:58 | 00,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/01/06 11:37:58 | 00,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/01/06 11:35:14 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdnrwrd.ini
[2009/01/06 11:35:04 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2009/01/06 11:34:59 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
[2008/12/09 14:29:23 | 00,058,962 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\medium.csa
[2008/12/09 10:08:32 | 00,060,202 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\big2.csa
[2008/12/04 13:26:21 | 00,059,957 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\little2.csa
[2008/12/01 17:49:07 | 00,000,103 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\dlc237gylulpp.csa
[2008/11/30 19:55:06 | 00,061,949 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\abc.csa
[2008/11/30 17:35:35 | 00,061,800 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\big.csa
[2008/11/30 16:57:30 | 00,061,400 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\little.csa
[2008/11/30 13:14:23 | 00,067,852 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\giant dizzy.csa
[2008/11/30 12:54:55 | 00,067,850 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\giant.csa
[2008/10/05 13:43:31 | 00,069,200 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Evan 3.csa
[2008/10/05 12:32:41 | 00,073,246 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Evan Big.csa
[2008/10/05 10:40:38 | 00,002,390 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\LoadCach.bin
[2008/10/04 20:28:03 | 00,065,042 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\chris 1.csa
[2008/10/04 19:48:24 | 00,000,177 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\prefs.bin
[2008/10/04 15:54:13 | 00,004,697 | ---- | C] () -- C:\Windows\disney.ini
[2008/08/06 15:10:46 | 00,000,672 | ---- | C] () -- C:\ProgramData\lxdc
[2008/07/04 08:09:26 | 00,029,699 | ---- | C] () -- C:\Windows\System32\ashhwun.dll
[2008/07/04 08:07:10 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008/03/10 10:01:27 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdcrwrd.ini
[2008/03/10 10:00:51 | 00,286,720 | ---- | C] () -- C:\Windows\System32\LXDCinst.dll
[2008/03/10 10:00:48 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdcgrd.dll
[2008/02/11 15:02:42 | 00,000,168 | RHS- | C] () -- C:\Windows\System32\E2C4E04C5F.sys
[2008/01/12 12:04:05 | 00,028,672 | ---- | C] () -- C:\Windows\pccuo.dll
[2008/01/12 12:04:05 | 00,001,711 | ---- | C] () -- C:\Windows\~~~runcd.ini
[2007/11/28 12:51:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
[2007/11/20 19:02:39 | 00,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
[2007/11/20 18:44:48 | 00,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
[2007/10/05 19:57:07 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/02 17:51:09 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
[2007/09/18 12:14:21 | 00,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
[2007/09/10 12:21:35 | 00,065,536 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/07 14:14:57 | 03,417,410 | -H-- | C] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2007/09/07 14:14:29 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/09/07 14:14:28 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/09/07 14:11:35 | 00,059,776 | ---- | C] () -- C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/04/30 17:53:20 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/30 17:18:22 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/30 16:37:14 | 00,000,593 | ---- | C] () -- C:\Windows\generic.ini
[2007/04/30 16:37:14 | 00,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/28 13:16:44 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxdccoin.dll
[2007/02/20 12:59:08 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/20 12:59:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/02/20 11:24:46 | 00,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007/02/07 01:58:10 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/07 01:57:58 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/07 01:57:20 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/07 01:56:30 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/07 01:56:28 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/07 01:52:08 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 17:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 00,690,960 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 05:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 05:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:30:49 | 00,024,578 | ---- | C] () -- C:\Windows\System32\yhck32i.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 02:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 02:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 01:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006/05/18 01:47:12 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdcvs.dll
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/10/11 10:33:52 | 00,061,949 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\abc.csa
[2009/08/06 13:24:21 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ace
[2008/12/05 14:33:54 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acer
[2008/04/18 01:30:43 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Adobe
[2007/10/10 20:03:27 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AdobeUM
[2009/05/30 20:53:23 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Any Video Converter
[2008/08/11 11:25:26 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2009/10/11 09:33:33 | 00,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\badclose.bin
[2008/12/09 10:07:54 | 00,061,800 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\big.csa
[2009/04/15 16:06:11 | 00,064,990 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\big1.csa
[2008/12/10 08:29:59 | 00,060,202 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\big2.csa
[2009/05/21 00:20:04 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CamBam
[2008/10/04 20:28:03 | 00,065,042 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\chris 1.csa
[2009/02/02 10:48:04 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Corel
[2009/10/27 17:44:07 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2009/02/05 18:54:07 | 00,000,160 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\default.rss
[2009/01/26 01:06:50 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DivX
[2008/12/01 17:49:07 | 00,000,103 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\dlc237gylulpp.csa
[2009/11/21 14:38:42 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVD Flick
[2009/11/21 14:37:49 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\dvdcss
[2009/08/13 15:45:29 | 00,062,324 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\e.csa
[2008/10/05 13:43:31 | 00,069,200 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Evan 3.csa
[2009/08/13 15:05:09 | 00,065,258 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan big 2.csa
[2008/10/05 12:45:56 | 00,073,246 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Evan Big.csa
[2009/10/11 10:22:12 | 00,064,060 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\EVAN LITTLE BIT BIG.csa
[2009/08/12 18:57:53 | 00,062,778 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan mediqm 1.csa
[2009/08/12 19:16:40 | 00,062,778 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan medium 1.csa
[2009/08/13 15:26:51 | 00,065,334 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan medium 2.csa
[2009/10/11 09:52:35 | 00,060,800 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\EVAN MEDIUM.csa
[2009/08/13 15:47:41 | 00,062,324 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan small 1.csa
[2009/04/30 11:34:15 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FaxCtr
[2008/10/05 11:34:55 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GARMIN
[2009/07/26 19:45:31 | 00,059,776 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2008/11/30 13:14:23 | 00,067,852 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\giant dizzy.csa
[2008/11/30 13:02:33 | 00,067,850 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\giant.csa
[2009/06/20 02:44:00 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Google
[2009/09/28 18:44:29 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HP
[2007/09/07 14:10:37 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Identities
[2009/02/05 12:27:38 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InfraRecorder
[2008/02/11 14:47:41 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2009/02/28 15:58:57 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Intuit Canada
[2008/08/09 18:30:44 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Jasc Software Inc
[2007/09/07 14:20:21 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2009/01/06 13:16:09 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Lexmark Productivity Studio
[2008/05/02 00:54:28 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LimeWire
[2008/11/30 16:57:30 | 00,061,400 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\little.csa
[2008/12/04 13:26:21 | 00,059,957 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\little2.csa
[2009/10/11 10:34:15 | 00,002,390 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\LoadCach.bin
[2007/09/07 14:12:13 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2009/11/17 15:16:35 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2008/12/05 14:52:19 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mbfooooeefqjomkvz
[2006/11/02 07:37:34 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2008/12/09 14:29:23 | 00,058,962 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\medium.csa
[2009/01/22 14:39:43 | 00,060,144 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\medium2.csa
[2009/03/03 01:33:12 | 00,000,000 | --SD | M] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2007/09/18 13:01:18 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2009/01/25 23:46:30 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nero
[2009/02/21 20:53:32 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2009/08/13 15:48:48 | 00,000,177 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\prefs.bin
[2009/01/22 14:41:47 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Track Color Preference Settings
[2009/01/16 01:22:01 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\U3
[2008/11/26 13:31:40 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\vlc
[2009/01/25 21:22:53 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2009/09/28 18:43:37 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Yahoo!
[2009/11/16 09:56:02 | 00,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2009/11/23 07:17:54 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/22 22:59:31 | 00,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/13 07:01:38 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/02/13 07:01:38 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 07:01:38 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\nvgts.sys /s /md5 >
< End of report >



Extras.Txt log:


OTL Extras logfile created on: 23/11/2009 10:20:09 AM - Run 1
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Users\Cara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 56.39% Memory free
3.74 Gb Paging File | 2.61 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 55.73 Gb Free Space | 38.62% Space Free | Partition Type: NTFS
Drive D: | 144.03 Gb Total Space | 55.85 Gb Free Space | 38.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A5B65D-4E71-4730-A42A-CFEA052857BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DEE42F89-5598-4D4A-9C24-717906DBF575}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0036FBA5-1E5E-4CE7-B1E0-86262EEEEC8E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{071B2445-F5A3-412F-B13B-313A29A36F9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{0904215A-C8D2-470E-ABB6-47B03CB038A9}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{0A36EA52-40C6-4286-A708-0D1BA124310E}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe |
"{0A76D811-8C27-400C-9776-9771CA82563A}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{1042DFC6-C9BD-44B4-9579-D27CB0760DC2}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{1E92CDA1-8B98-49DE-953D-4B8DF064D03D}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{38266456-356F-426C-B1A5-5D308D0403FE}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{402A78BD-B833-4746-ADA8-DA8DABEDE9EC}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{4503D856-B10E-488F-B18C-7EB281B23BEF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{47EAEC8E-2FD0-4A69-B19D-DDC8A207FC18}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
"{4EDE62C1-1249-45E7-9F4A-5E15D94717F8}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{4FDA5E84-EDC3-48CC-9DC1-77BA46F58787}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{4FF82F37-EE27-4C93-B5DF-28D04B99140C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnwbgw.exe |
"{51A7179C-BE0C-4510-A271-E35A2F6D8994}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{535B2E93-4136-47C8-8E32-A486D3D481B5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnwbgw.exe |
"{540A39EE-E5D9-4406-BFDF-58C6FFADF963}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{62E15648-66E9-4C80-8366-2C176508984A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
"{6939BB91-82E4-4F94-B5FC-260713182C88}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{6C70061A-D642-4898-BB21-1AE52C9287C5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe |
"{6F765951-B328-4C46-BF63-7CFA0EE0D61F}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{79072BF0-B536-4A48-8890-2BAC95E6491C}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
"{87F131E4-C2CF-4C04-869B-6183515D3EE1}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"{9721F8A4-1E52-4DBF-A093-17BD36DA4F57}" = dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{99AF8969-C215-4D58-AE5D-83B2C40BB566}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe |
"{A14B0646-F14C-4BBB-A213-D7CD87052B2F}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{A3387AE9-9D91-4623-B210-C4AC75EC3179}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A56C62AD-92F3-46BA-B035-26CF7BAB2B28}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{A5931E37-49F9-429E-B639-5620E299CFBC}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{ACEB87A6-A024-4B40-B226-21FED65FD9D0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{AFD6FA64-E02B-4599-8DE7-776A68EF9ABA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B361DDAF-DF60-420B-853D-EC1942195969}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{BD72C747-8B61-46A3-919C-3022AED75199}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe |
"{C26D6416-DA7F-4814-8F0F-28028D967F9F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D076A7A1-08FA-481F-852B-D8A1F7DBE501}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{D12F2D07-FB57-4353-95A0-EA7EAF29AC9D}" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnamon.exe |
"{D7EBD2F9-B373-4DBE-A0FB-FCBB9D2441B6}" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\frun.exe |
"{D82FE7C3-5C65-4A65-89B2-8B71AEEABE9B}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{DAE6A1BF-7D4F-4C94-8252-C11FAC5D69D5}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{E29B2174-3F3A-49A7-8269-4E6B9791E7D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ED169162-5E64-4CC9-908E-180EA6D4BF53}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{FF60F99E-AF98-443E-AC15-F06B413FD259}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"TCP Query User{40D3183C-4B7E-421B-84BB-4443AA2698CE}C:\program files\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe |
"TCP Query User{462649BF-4DDD-49DC-BF32-F0B296F4FD2A}C:\program files\jasc software inc\paint shop pro 9\paint shop pro 9.exe" = protocol=6 | dir=in | app=c:\program files\jasc software inc\paint shop pro 9\paint shop pro 9.exe |
"TCP Query User{5B2CCBBE-D125-4210-A47A-573A13BFB0A1}C:\microsoft robotics studio (1.5)\bin\dsshost.exe" = protocol=6 | dir=in | app=c:\microsoft robotics studio (1.5)\bin\dsshost.exe |
"TCP Query User{9582319B-F53F-4BB4-B4A1-C52DECC3C6B2}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe |
"TCP Query User{9739EDA3-4D63-4328-AD8D-E52634D9ECB7}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"TCP Query User{9DFB7E0E-CBC9-479C-AB7F-DF52DF2089D0}C:\program files\steam\steamapps\sublimis_onager\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sublimis_onager\source sdk base\hl2.exe |
"TCP Query User{C7B5FD56-687B-4EF9-9872-EF0782806AD4}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{CBFE06A3-1A8C-4C5F-89AB-8C342ECB33DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F72CDBD9-9099-429D-85FB-36A08D53CC49}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{1332FF16-847F-4FE9-827E-BA5002172E49}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe |
"UDP Query User{1FF7F557-C346-4A39-9668-AAC628D837D7}C:\program files\jasc software inc\paint shop pro 9\paint shop pro 9.exe" = protocol=17 | dir=in | app=c:\program files\jasc software inc\paint shop pro 9\paint shop pro 9.exe |
"UDP Query User{3129C52F-40B2-4141-9AB9-489875F060AF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{317CA993-5BC0-438D-8BCC-59E1B332BFA2}C:\program files\steam\steamapps\sublimis_onager\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sublimis_onager\source sdk base\hl2.exe |
"UDP Query User{5A33EDE9-8A89-420F-9E14-0E3AB22C47FD}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{85F34F7F-1CDC-4FEB-8E83-B5243EEA0757}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{A74F0422-B431-4337-B377-38CC345A72AE}C:\program files\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnmon.exe |
"UDP Query User{D44F8BF5-D5DF-442A-A5C9-E4031BF9AE4E}C:\program files\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2600 series\lxdnlscn.exe |
"UDP Query User{E8F85FE5-C79A-4432-A431-4954280CAB39}C:\microsoft robotics studio (1.5)\bin\dsshost.exe" = protocol=17 | dir=in | app=c:\microsoft robotics studio (1.5)\bin\dsshost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24E7B19B-EA09-483F-8735-97DD371E861B}" = SA32xx Media Converter
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30901794-9757-4E9C-B651-56E431CB839A}" = Disney-Pixar WALL-E Demo
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{506C59DD-A008-4B28-9CCF-6D1F0D56CF06}" = CamBamPlus
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{552D9410-E720-40FC-9971-C2BCD743C2AF}" = Ultimate Ride Disney Coaster
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D1FFFCC-4C98-4F90-A667-959FD76313CC}" = Garmin MapSource Beta
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82D8304F-73D7-4EE6-8472-D0684BAA2865}" = AGEIA PhysX v7.05.06
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8898F144-AE98-45FE-B2C0-D4DD9A4C3210}" = Garmin Communicator Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A768CE9C-BB1B-4CCD-893F-E321CA24A0D4}" = Dinosaur
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{c4809d4c-1f28-41cc-8578-a72b75defb39}" = D2600
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF07A1C9-098F-47DD-99E0-B6558C33871B}" = Garmin MapSource
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D57ACD92-6A27-43BB-B3AE-894930940D41}" = SA32xx Media Converter
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD3F5BF0-ADC8-4143-9859-1062CEB04413}" = Disney's Extremely Goofy Skateboarding
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF1A5D73-39AC-43FC-892C-259B2CF2FD58}" = ClearView
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e382eb50-c5f2-42ca-bad0-901a12fc81ba}" = DJ_SF_05_D2600_Software_Min
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA6197F3-B467-4c70-B450-42D9E0C11400}" = HP Deskjet D2600 Printer Driver Software 12.0 Rel .5
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC3930B9-E358-4769-94A9-AC0963B90627}" = Spy Kids 3D
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Any Video Converter_is1" = Any Video Converter 2.7.3
"BitComet" = BitComet 1.06
"ChairGun2" = ChairGun2
"CncSimulator_5.3b" = CncSimulator 4.52f
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DVD Flick_is1" = DVD Flick
"ERUNT_is1" = ERUNT 1.1j
"FLVPlayer" = FLV Player 1.3.3
"GameSpy Arcade" = GameSpy Arcade
"Garfield Midnight Snack" = Garfield Midnight Snack Screen Saver
"GSAK_is1" = GSAK 7.2.1.40 (Final)
"Halo" = Microsoft Halo
"Halo Trial" = Microsoft Halo Trial
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Lexmark 1300 Series" = Lexmark 1300 Series
"Lexmark 2600 Series" = Lexmark 2600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LimeWire" = LimeWire 4.14.10
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"NVIDIA Drivers" = NVIDIA Drivers
"Parallel Port Joystick" = Parallel Port Joystick
"Shop for HP Supplies" = Shop for HP Supplies
"SmartPropoPlus" = SmartPropoPlus
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Tribes 2" = Tribes 2
"UT2004" = Unreal Tournament 2004
"VisualTool" = VisualTool
"VLC media player" = VLC media player 0.9.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinQuake" = WinQuake
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/11/2009 12:37:40 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module BitCometBHO_1.2.8.7.dll_unloaded, version 0.0.0.0,
time stamp 0x489a9230, exception code 0xc0000005, fault offset 0x0332c51e, process
id 0x1564, application start time 0x01ca6b2bb4fd7e50.

Error - 22/11/2009 2:43:52 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module BitCometBHO_1.2.8.7.dll_unloaded, version 0.0.0.0,
time stamp 0x489a9230, exception code 0xc0000005, fault offset 0x05aec51e, process
id 0xf1c, application start time 0x01ca6ba34c00459c.

Error - 22/11/2009 6:49:29 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module BitCometBHO_1.2.8.7.dll_unloaded, version 0.0.0.0,
time stamp 0x489a9230, exception code 0xc0000005, fault offset 0x04eac51e, process
id 0x1270, application start time 0x01ca6bc5b78aaa9c.

Error - 22/11/2009 7:53:14 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description =

Error - 22/11/2009 11:53:50 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description =

Error - 23/11/2009 9:07:33 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module BitCometBHO_1.2.8.7.dll_unloaded, version 0.0.0.0,
time stamp 0x489a9230, exception code 0xc0000005, fault offset 0x0501c51e, process
id 0x11a8, application start time 0x01ca6c3dcf631a31.

Error - 23/11/2009 10:37:39 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module BitCometBHO_1.2.8.7.dll_unloaded, version 0.0.0.0,
time stamp 0x489a9230, exception code 0xc0000005, fault offset 0x02bdc51e, process
id 0xe9c, application start time 0x01ca6c4a1520fdb1.

Error - 23/11/2009 10:39:22 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module BitCometBHO_1.2.8.7.dll_unloaded, version 0.0.0.0,
time stamp 0x489a9230, exception code 0xc0000005, fault offset 0x044ac51e, process
id 0xf88, application start time 0x01ca6c4a1ae60ab1.

Error - 23/11/2009 11:00:38 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module BitCometBHO_1.2.8.7.dll_unloaded, version 0.0.0.0,
time stamp 0x489a9230, exception code 0xc0000005, fault offset 0x0306c51e, process
id 0x14c4, application start time 0x01ca6c49b3c10331.

Error - 23/11/2009 11:01:42 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18828, time stamp
0x4a9600c9, faulting module BitCometBHO_1.2.8.7.dll_unloaded, version 0.0.0.0,
time stamp 0x489a9230, exception code 0xc0000005, fault offset 0x0241c51e, process
id 0x510, application start time 0x01ca6c4d371f0cb1.

[ Media Center Events ]
Error - 05/11/2007 6:53:52 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 08/11/2007 8:53:33 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 22/11/2007 8:53:35 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 24/11/2007 12:58:36 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 01/12/2007 8:53:18 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 18/04/2008 3:27:35 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 18/04/2008 8:48:04 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 28/08/2008 8:46:34 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 05/10/2009 3:28:18 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 28/10/2009 3:36:54 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 19/11/2009 1:52:16 PM | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 19/11/2009 1:52:21 PM | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 19/11/2009 1:52:47 PM | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 19/11/2009 1:52:51 PM | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20/11/2009 9:24:16 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 20/11/2009 9:24:16 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/11/2009 10:37:18 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 22/11/2009 10:37:18 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/11/2009 8:19:32 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 23/11/2009 8:19:32 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#5
azarl


    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi caras

Am I right in thinking that you are running Kaspersky Anti Virus? The reason I ask is that there are still some Symantec bits left from an earlier install. We can get rid of those if you are not using Symantec (Norton).

Step 1
  • Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click Next
    • In the box to choose where to extract the files to, click Browse
    • Click on the + sign next to My Computer
    • Click on Local Disk (C:) or whatever your primary drive is
    • Click Make New Folder
    • Type in BFU
    • Click Next, and Uncheck the Show Extracted Files box and then click Finish.
  • RIGHT-CLICK HERE and choose Save As (in IE it's "Save Target/Link As") in order to download MyWebSearch and FunWebProduct Remover. Save it in the same folder you made earlier (on your desktop).

  • Then, please go to Start > My Computer and navigate to the BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    • Behind the scriptline to execute field click the folder icon and select MyWebSearch.bfu
    • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.
Step 2
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes 
    
    
    :Services
    
    
    :OTL
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
    O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell - "" = AutoRun
    O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
    O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\directx\command - "" = J:\DirectX\dxsetup.exe -- File not found
    O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\setup\command - "" = J:\setup.exe -- File not found
    O33 - MountPoints2\{7b97d931-e7c7-11dd-b910-001921efbc04}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b97d931-e7c7-11dd-b910-001921efbc04}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{9ca833bb-e395-11dd-8c2a-001921efbc04}\Shell - "" = AutoRun
    O33 - MountPoints2\{9ca833bb-e395-11dd-8c2a-001921efbc04}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Step 3
File Scanner
There is a file I need you to upload for checking
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Windows\System32\yhck32i.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0
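The O33 lines in the fix list of post #5 are per-volume shell commands recorded under Explorer's MountPoints2 registry key. As an added example (not part of the thread and not OTL's own code), this Python script groups such lines by volume and separates volumes whose every command target is "File not found" from ones that still resolve and deserve a look before removal. The last sample line, its assumed format, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the fix list in post #5, plus ONE constructed
# line (all-zero GUID) whose target is assumed to exist, i.e. it carries no
# "-- File not found" marker. That line's format is an assumption.
SAMPLE_LOG = r"""
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell - "" = AutoRun
O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\directx\command - "" = J:\DirectX\dxsetup.exe -- File not found
O33 - MountPoints2\{708a80c8-c348-11de-9bb7-001921efbc04}\Shell\setup\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\{7b97d931-e7c7-11dd-b910-001921efbc04}\Shell - "" = AutoRun
O33 - MountPoints2\{7b97d931-e7c7-11dd-b910-001921efbc04}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9ca833bb-e395-11dd-8c2a-001921efbc04}\Shell - "" = AutoRun
O33 - MountPoints2\{9ca833bb-e395-11dd-8c2a-001921efbc04}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\present.exe
"""

# One O33 line: volume id, optional "<verb>\command" subkey, value name,
# value data, and the optional trailing "File not found" marker.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)?'
    r' - "(?P<value>[^"]*)" = (?P<data>.*?)(?P<missing> -- File not found)?$'
)


def parse_o33(log_text):
    """Group O33 lines by volume.

    Returns {volume: {"default_verb": str or None,
                      "commands": {verb: (target, is_missing)}}}.
    Lines that are not O33 MountPoints2 entries are ignored.
    """
    volumes = defaultdict(lambda: {"default_verb": None, "commands": {}})
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        entry = volumes[m.group("volume")]
        if m.group("verb") is None:
            # The bare "...\Shell" line names the default verb (here: AutoRun).
            entry["default_verb"] = m.group("data")
        else:
            entry["commands"][m.group("verb")] = (
                m.group("data"),
                m.group("missing") is not None,
            )
    return dict(volumes)


def triage(parsed):
    """Split volumes into (stale, review).

    stale  : every recorded command points at a file that no longer exists,
             so the cached entry is leftover from removed media.
    review : at least one target still resolves, or no command was logged;
             inspect the target before deciding to delete the entry.
    """
    stale, review = [], []
    for volume, entry in sorted(parsed.items()):
        targets = list(entry["commands"].values())
        if targets and all(is_missing for _, is_missing in targets):
            stale.append(volume)
        else:
            review.append(volume)
    return stale, review


if __name__ == "__main__":
    stale, review = triage(parse_o33(SAMPLE_LOG))
    print("stale entries :", stale)
    print("needs review  :", review)
```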

#6
caras


    Member

  • Topic Starter
  • Member
  • 36 posts
Yes, I use Kaspersky now.

I tried to do that first step, but I can't dl Brute Force Uninstaller. I tried just clicking on it, opening a new tab, and opening it in a new window but it just keeps freezing up my window every time.
  • 0

#7
azarl


    GeekU Admin

  • Community Leader
  • 25,310 posts
OK,

Just do the other steps to start with, we'll come back to that.
  • 0

#8
caras


    Member

  • Topic Starter
  • Member
  • 36 posts
Okay, started doing the fix in OTL and a box popped up and said "range check error", and I had to ctrl+alt+del to log off and log back in because everything on my desktop disappeared. When I logged back in it was all there again though.
  • 0

#9
caras


    Member

  • Topic Starter
  • Member
  • 36 posts
3rd step won't work either... it won't let me paste or type anything into that box.
Oh, and I tried browse... but nothing shows up. It shows the boxes on the left, but the right is empty no matter what I click on.

Edited by caras, 23 November 2009 - 02:47 PM.

  • 0

#10
azarl


    GeekU Admin

  • Community Leader
  • 25,310 posts
Click on browse and navigate to

C:\Windows\System32\yhck32i.dll
  • 0

#11
caras


    Member

  • Topic Starter
  • Member
  • 36 posts
Okay, I did it, but when I click copy to clipboard nothing happens.
Nothing showed up though.

Here's the file information:
File Name : yhck32i.dll
File Size : 24578 byte
File Type : MS-DOS executable
MD5 : 469044405bbaad0cddf0dc8df02701f5
SHA1 : fb152e643668fb3dd0cacd46da8209db4645270e


Scanner results : Scanners did not find malware!

Beside all of them under scan results it just has a dash.
  • 0

#12
azarl


    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi caras

That file's OK

Step 1
I recommend you download and run the Symantec uninstaller from Here. Download it, run it and follow the instructions.

Step 2
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKLM\SOFTWARE\Classes\FunWebProducts /s
    HKLM\SOFTWARE\Classes\MyWebSearch /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 3
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, please copy the log to your reply.
  • 0

#13
caras


    Member

  • Topic Starter
  • Member
  • 36 posts
Did the first step, and it finished with no problems. Could having those parts of Norton on my computer interfere with Kaspersky?


Did 2nd step, here's the log:
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 09:05 on 24/11/2009 by Chris (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch]
(Unable to open key - key not found)

-=End Of File=-

Just about to do the 3rd step.
  • 0

#14
caras


    Member

  • Topic Starter
  • Member
  • 36 posts
Log from OTL:

OTL logfile created on: 24/11/2009 9:08:58 AM - Run 2
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Users\Cara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 49.36% Memory free
3.74 Gb Paging File | 2.59 Gb Available in Paging File | 69.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.30 Gb Total Space | 53.54 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive D: | 144.03 Gb Total Space | 59.27 Gb Free Space | 41.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/23 10:18:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
PRC - [2009/07/25 13:19:10 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/07/25 13:19:10 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 01:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
PRC - [2008/10/16 19:11:26 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 19:11:26 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 18:23:30 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 18:15:38 | 00,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/06/20 00:04:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/03/27 10:13:18 | 00,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/03/27 10:13:11 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe
PRC - [2008/02/27 18:07:26 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
PRC - [2008/02/27 18:07:14 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
PRC - [2008/01/19 02:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 02:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/25 08:38:20 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/02/20 04:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/02/15 04:07:16 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/07 02:04:26 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/31 17:18:42 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/01/24 12:27:50 | 00,319,488 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2006/12/29 19:51:56 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2002/02/14 09:48:06 | 00,299,008 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE
PRC - [2002/01/24 08:09:56 | 00,174,592 | ---- | M] () -- C:\Windows\System32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/23 10:18:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll
MOD - [2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll
MOD - [2008/07/29 20:21:40 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
MOD - [2008/07/29 20:20:58 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/22 00:38:19 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/25 13:19:10 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/10/16 18:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/10/16 18:23:30 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/20 00:04:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/02/27 18:07:26 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 18:07:14 | 00,098,984 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/09/26 21:32:55 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/25 08:38:38 | 00,099,248 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV - [2007/05/25 08:38:20 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2007/02/07 02:04:26 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 17:18:42 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/29 19:51:56 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/12/14 19:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/02/14 09:48:06 | 00,299,008 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://ca.rd.yahoo.c...://ca.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 07:23:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/28 18:43:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/21 19:25:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 21:56:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/02/21 14:30:23 | 00,000,000 | ---D | M]

[2008/11/26 11:03:50 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\i42jgk9e.default\extensions
[2008/11/26 11:03:51 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\i42jgk9e.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/11/15 20:49:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/21 19:25:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/04 19:36:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/18 17:03:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/26 00:03:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/02/21 20:06:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/21 19:07:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/12 00:59:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/14 12:08:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/02/21 19:25:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/02/21 19:25:34 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/02/21 19:25:34 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/02/21 19:25:34 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/02/21 19:25:35 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/02/21 19:25:35 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008/11/11 02:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/21 19:25:38 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/02/21 17:31:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/02/21 17:31:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/02/21 17:31:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/02/21 19:25:40 | 00,001,514 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/02/21 19:25:40 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/02/21 19:25:40 | 00,001,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/02/21 19:25:40 | 00,001,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/02/21 19:25:40 | 00,002,351 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/02/21 19:25:40 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [SYMNRT] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....NPUplden-ca.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://evansmommy.sp...nPUplden-ca.cab (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...o.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/23 14:53:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/17 15:16:35 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2009/11/17 15:16:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/17 15:16:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/17 15:16:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/17 15:16:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/17 15:05:45 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/17 15:05:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/17 08:19:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/13 19:48:58 | 00,000,000 | ---D | C] -- C:\Users\Chris\Tracing
[2009/01/06 11:35:04 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2009/01/06 11:35:03 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
[2009/01/06 11:35:03 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
[2009/01/06 11:35:02 | 01,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
[2009/01/06 11:35:02 | 00,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
[2009/01/06 11:35:01 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
[2009/01/06 11:35:01 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
[2009/01/06 11:35:01 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
[2009/01/06 11:34:59 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
[2009/01/06 11:34:57 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
[2009/01/06 11:34:57 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
[2008/03/10 10:00:50 | 00,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdcusb1.dll
[2008/03/10 10:00:50 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdcinpa.dll
[2008/03/10 10:00:50 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdciesc.dll
[2008/03/10 10:00:50 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDChcp.dll
[2008/03/10 10:00:49 | 01,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdcserv.dll
[2008/03/10 10:00:49 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdcpmui.dll
[2008/03/10 10:00:49 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdclmpm.dll
[2008/03/10 10:00:49 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdcprox.dll
[2008/03/10 10:00:49 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdcpplc.dll
[2008/03/10 10:00:48 | 00,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdchbn3.dll
[2008/03/10 10:00:48 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdccomc.dll
[2008/03/10 10:00:48 | 00,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdccomm.dll
[2007/04/30 17:18:22 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/24 09:09:17 | 05,505,024 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2009/11/24 09:07:25 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/24 09:07:25 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/24 09:07:25 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/24 09:05:24 | 00,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{cf6fe502-28d0-11dd-9bea-001921efbc04}.TMContainer00000000000000000001.regtrans-ms
[2009/11/24 09:05:24 | 00,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{cf6fe502-28d0-11dd-9bea-001921efbc04}.TM.blf
[2009/11/24 09:03:02 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 09:03:02 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 09:02:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/24 09:02:55 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2009/11/24 09:02:52 | 18,785,81248 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 09:01:28 | 07,626,784 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/11/24 09:01:28 | 01,327,136 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009/11/24 09:01:28 | 00,061,712 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/11/24 09:01:28 | 00,006,664 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2009/11/22 22:55:45 | 03,417,410 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2009/11/22 21:26:02 | 00,065,536 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 15:16:31 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/17 15:05:20 | 00,000,737 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2009/11/17 15:05:20 | 00,000,718 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2009/11/17 08:19:06 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/16 12:33:05 | 06,845,677 | ---- | M] () -- C:\Users\Chris\Documents\AutoRuns.arn
[2009/11/16 09:56:02 | 00,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2009/11/12 08:23:55 | 01,606,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/17 15:16:31 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/17 15:05:20 | 00,000,737 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2009/11/17 15:05:20 | 00,000,718 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2009/11/17 08:19:06 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/16 12:33:04 | 06,845,677 | ---- | C] () -- C:\Users\Chris\Documents\AutoRuns.arn
[2009/10/27 17:28:02 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/20 17:52:55 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 17:52:25 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/10/11 10:22:11 | 00,064,060 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\EVAN LITTLE BIT BIG.csa
[2009/10/11 09:52:35 | 00,060,800 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\EVAN MEDIUM.csa
[2009/10/11 09:33:33 | 00,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\badclose.bin
[2009/09/28 18:37:24 | 00,001,120 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/13 15:47:41 | 00,062,324 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan small 1.csa
[2009/08/13 15:45:29 | 00,062,324 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\e.csa
[2009/08/13 15:26:51 | 00,065,334 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan medium 2.csa
[2009/08/13 15:05:09 | 00,065,258 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan big 2.csa
[2009/08/12 19:16:40 | 00,062,778 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan medium 1.csa
[2009/08/12 18:57:53 | 00,062,778 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\evan mediqm 1.csa
[2009/07/26 19:45:31 | 00,059,776 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/04/15 16:06:11 | 00,064,990 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\big1.csa
[2009/02/04 23:32:05 | 00,000,160 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\default.rss
[2009/01/25 22:00:13 | 00,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/01/22 14:37:11 | 00,060,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\medium2.csa
[2009/01/06 11:42:01 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
[2009/01/06 11:38:18 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/01/06 11:38:18 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/01/06 11:37:58 | 00,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/01/06 11:37:58 | 00,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/01/06 11:35:14 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdnrwrd.ini
[2009/01/06 11:35:04 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2009/01/06 11:34:59 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
[2008/12/09 14:29:23 | 00,058,962 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\medium.csa
[2008/12/09 10:08:32 | 00,060,202 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\big2.csa
[2008/12/04 13:26:21 | 00,059,957 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\little2.csa
[2008/12/01 17:49:07 | 00,000,103 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\dlc237gylulpp.csa
[2008/11/30 19:55:06 | 00,061,949 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\abc.csa
[2008/11/30 17:35:35 | 00,061,800 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\big.csa
[2008/11/30 16:57:30 | 00,061,400 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\little.csa
[2008/11/30 13:14:23 | 00,067,852 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\giant dizzy.csa
[2008/11/30 12:54:55 | 00,067,850 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\giant.csa
[2008/10/05 13:43:31 | 00,069,200 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Evan 3.csa
[2008/10/05 12:32:41 | 00,073,246 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Evan Big.csa
[2008/10/05 10:40:38 | 00,002,390 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\LoadCach.bin
[2008/10/04 20:28:03 | 00,065,042 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\chris 1.csa
[2008/10/04 19:48:24 | 00,000,177 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\prefs.bin
[2008/10/04 15:54:13 | 00,004,697 | ---- | C] () -- C:\Windows\disney.ini
[2008/08/06 15:10:46 | 00,000,672 | ---- | C] () -- C:\ProgramData\lxdc
[2008/07/04 08:09:26 | 00,029,699 | ---- | C] () -- C:\Windows\System32\ashhwun.dll
[2008/07/04 08:07:10 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008/03/10 10:01:27 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdcrwrd.ini
[2008/03/10 10:00:51 | 00,286,720 | ---- | C] () -- C:\Windows\System32\LXDCinst.dll
[2008/03/10 10:00:48 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdcgrd.dll
[2008/02/11 15:02:42 | 00,000,168 | RHS- | C] () -- C:\Windows\System32\E2C4E04C5F.sys
[2008/01/12 12:04:05 | 00,028,672 | ---- | C] () -- C:\Windows\pccuo.dll
[2008/01/12 12:04:05 | 00,001,711 | ---- | C] () -- C:\Windows\~~~runcd.ini
[2007/11/28 12:51:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
[2007/11/20 19:02:39 | 00,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
[2007/11/20 18:44:48 | 00,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
[2007/10/05 19:57:07 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/02 17:51:09 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
[2007/09/18 12:14:21 | 00,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
[2007/09/10 12:21:35 | 00,065,536 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/07 14:14:57 | 03,417,410 | -H-- | C] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2007/09/07 14:14:29 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/09/07 14:14:28 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/09/07 14:11:35 | 00,059,776 | ---- | C] () -- C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/04/30 17:53:20 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/30 17:18:22 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/30 16:37:14 | 00,000,593 | ---- | C] () -- C:\Windows\generic.ini
[2007/04/30 16:37:14 | 00,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/28 13:16:44 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxdccoin.dll
[2007/02/20 12:59:08 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/20 12:59:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/02/20 11:24:46 | 00,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007/02/07 01:58:10 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/07 01:57:58 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/07 01:57:20 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/07 01:56:30 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/07 01:56:28 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/07 01:52:08 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 17:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 00,690,960 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 05:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 05:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:30:49 | 00,024,578 | ---- | C] () -- C:\Windows\System32\yhck32i.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 02:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 02:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 01:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006/05/18 01:47:12 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdcvs.dll
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/10/11 10:33:52 | 00,061,949 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\abc.csa
[2009/08/06 13:24:21 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ace
[2008/12/05 14:33:54 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acer
[2008/04/18 01:30:43 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Adobe
[2007/10/10 20:03:27 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AdobeUM
[2009/05/30 20:53:23 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Any Video Converter
[2008/08/11 11:25:26 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2009/10/11 09:33:33 | 00,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\badclose.bin
[2008/12/09 10:07:54 | 00,061,800 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\big.csa
[2009/04/15 16:06:11 | 00,064,990 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\big1.csa
[2008/12/10 08:29:59 | 00,060,202 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\big2.csa
[2009/05/21 00:20:04 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CamBam
[2008/10/04 20:28:03 | 00,065,042 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\chris 1.csa
[2009/02/02 10:48:04 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Corel
[2009/10/27 17:44:07 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2009/02/05 18:54:07 | 00,000,160 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\default.rss
[2009/01/26 01:06:50 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DivX
[2008/12/01 17:49:07 | 00,000,103 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\dlc237gylulpp.csa
[2009/11/21 14:38:42 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVD Flick
[2009/11/21 14:37:49 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\dvdcss
[2009/08/13 15:45:29 | 00,062,324 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\e.csa
[2008/10/05 13:43:31 | 00,069,200 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Evan 3.csa
[2009/08/13 15:05:09 | 00,065,258 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan big 2.csa
[2008/10/05 12:45:56 | 00,073,246 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Evan Big.csa
[2009/10/11 10:22:12 | 00,064,060 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\EVAN LITTLE BIT BIG.csa
[2009/08/12 18:57:53 | 00,062,778 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan mediqm 1.csa
[2009/08/12 19:16:40 | 00,062,778 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan medium 1.csa
[2009/08/13 15:26:51 | 00,065,334 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan medium 2.csa
[2009/10/11 09:52:35 | 00,060,800 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\EVAN MEDIUM.csa
[2009/08/13 15:47:41 | 00,062,324 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\evan small 1.csa
[2009/04/30 11:34:15 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FaxCtr
[2008/10/05 11:34:55 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GARMIN
[2009/07/26 19:45:31 | 00,059,776 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2008/11/30 13:14:23 | 00,067,852 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\giant dizzy.csa
[2008/11/30 13:02:33 | 00,067,850 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\giant.csa
[2009/06/20 02:44:00 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Google
[2009/09/28 18:44:29 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HP
[2007/09/07 14:10:37 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Identities
[2009/02/05 12:27:38 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InfraRecorder
[2008/02/11 14:47:41 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2009/02/28 15:58:57 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Intuit Canada
[2008/08/09 18:30:44 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Jasc Software Inc
[2007/09/07 14:20:21 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2009/01/06 13:16:09 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Lexmark Productivity Studio
[2008/05/02 00:54:28 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LimeWire
[2008/11/30 16:57:30 | 00,061,400 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\little.csa
[2008/12/04 13:26:21 | 00,059,957 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\little2.csa
[2009/10/11 10:34:15 | 00,002,390 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\LoadCach.bin
[2007/09/07 14:12:13 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2009/11/17 15:16:35 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2008/12/05 14:52:19 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mbfooooeefqjomkvz
[2006/11/02 07:37:34 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2008/12/09 14:29:23 | 00,058,962 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\medium.csa
[2009/01/22 14:39:43 | 00,060,144 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\medium2.csa
[2009/03/03 01:33:12 | 00,000,000 | --SD | M] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2007/09/18 13:01:18 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2009/01/25 23:46:30 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nero
[2009/02/21 20:53:32 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2009/08/13 15:48:48 | 00,000,177 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\prefs.bin
[2009/01/22 14:41:47 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Track Color Preference Settings
[2009/01/16 01:22:01 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\U3
[2008/11/26 13:31:40 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\vlc
[2009/01/25 21:22:53 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2009/09/28 18:43:37 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Yahoo!
[2009/11/16 09:56:02 | 00,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2009/11/24 09:02:59 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/24 09:00:40 | 00,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#15
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi caras

The Symantec residues probably would not interfere with Kaspersky, but they were using system resources for no benefit. Best to remove.

Step 1
Malwarebytes' Anti-Malware
Please run MBAM again.
Once the program has loaded, select the Update tab and click the Check for Updates button. When it's finished updating (it may restart itself)
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 1
Kaspersky Scan
Please scan your computer with your Kaspersky Internet Security.
To start a virus scan task, perform the following actions:
  • Open the main application window.
  • In the left part of the window, select the Scan My Computer section.
  • Click the Start Full Scan button to start the scan.
Please paste the results in your next post.