
WinXP won't open programs, search engine redirect, & more


  • This topic is locked

#1
Ramsey101

    New Member

  • Member
  • 4 posts
...also cannot adjust anything to do with control panel (i.e. volume)


I'm not really sure if this is one or more than one virus/malware, but I have tried scanning numerous times, and in safe mode. Last scan with Avast found 14 infected files. I tried to delete them but it wouldn't work, it gave me an error. I tried moving to chest and it said that it couldn't be completed until next reboot.

I can't open any programs except Firefox (but not Chrome or IE), and I have to click on Firefox in the "open with..." prompt window after I click the desktop icon. I have access to Ad-Aware and Avast too, only because they open on startup. I tried to run OTL and it wouldn't open, took me to the same "open with..." box. I finally got it to run by re-selecting it through that window from its location on the desktop. Then it wouldn't open Notepad with my scan log.

Other programs, like MS Office, just give me error boxes saying "application not found."

Also, I am having a problem when I click certain links in the Google search engine: it will take me to a malicious page.

I'm sorry if this is a little jumbled and hard to decipher, I'm not too experienced with this kind of thing. Thank you in advance for any help solving this problem!

Edited by Ramsey101, 15 July 2011 - 09:23 AM.

  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - let's see if we can remedy this situation.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.


Then select Start OTL. OTL will now run

  • Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file.
    Select Scan.txt that you downloaded.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.

  • 0

#3
Ramsey101

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks so much for your quick response. I actually saw another post here that remedied my situation. That was the virus I had. I just did a system restore in safe mode to about a week ago and everything seems to be fine. I downloaded RogueKiller and just ran a scan and here is the log that came up:


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ramsey [Admin rights]
Mode: Scan -- Date : 07/15/2011 21:55:08

Bad processes: 0

Registry Entries: 6
[BLACKLIST DLL] HKCU\[...]\Run : Ujoyocohuvil (rundll32.exe "C:\WINDOWS\fonrif.dll",Startup) -> FOUND
[SUSP PATH] HKCU\[...]\Run : lavsstr70.exe (C:\Documents and Settings\Ramsey\Application Data\07CF8C0C3FBC7FF9DF93D6D999D70963\lavsstr70.exe) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : Vnotiloxegirif (rundll32.exe "C:\WINDOWS\ivequvacaxojuxap.dll",Startup) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1606980848-2147239855-839522115-1011[...]\Run : Ujoyocohuvil (rundll32.exe "C:\WINDOWS\fonrif.dll",Startup) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1606980848-2147239855-839522115-1011[...]\Run : lavsstr70.exe (C:\Documents and Settings\Ramsey\Application Data\07CF8C0C3FBC7FF9DF93D6D999D70963\lavsstr70.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>



There were, however, a couple error messages that came up when I first booted up after restore. I'm not sure what they mean but I attached the screenshot of them. Are these problematic?

errorsrundll.JPG
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you run the OTL programme I will be able to stop them. The suggestion that you saw is not one that I would recommend, as it does not remove the underlying problems.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#5
Ramsey101

    New Member

  • Topic Starter
  • Member
  • 4 posts
Well I did what you said and the extras.txt didn't open, but here is the OTL log:


OTL logfile created on: 7/17/2011 7:43:11 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Ramsey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.98 Mb Total Physical Memory | 318.97 Mb Available Physical Memory | 31.43% Memory free
4.90 Gb Paging File | 4.35 Gb Available in Paging File | 88.75% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 144.34 Gb Free Space | 61.98% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: IBM8183CTO | User Name: Ramsey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 21:47:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramsey\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/03 11:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/15 12:26:40 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark 5300 Series\lxdkmon.exe
PRC - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/01/07 15:38:08 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/07/26 14:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/05/19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/04/08 06:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/05/29 17:57:22 | 000,298,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2008/05/29 17:57:22 | 000,198,184 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2008/05/29 17:57:22 | 000,141,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2008/05/29 17:57:22 | 000,128,552 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/14 07:15:34 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdkcoms.exe
PRC - [2007/03/12 14:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 14:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/03/17 07:34:12 | 000,030,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/03/07 14:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/07 14:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/07 14:02:14 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/02/06 13:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/01/13 03:14:58 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2005/02/25 12:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcccoms.exe
PRC - [2005/02/21 07:21:18 | 000,192,512 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3300 Series\lxccmon.exe
PRC - [2004/10/04 18:05:04 | 001,044,577 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2001/04/28 06:57:38 | 000,036,864 | ---- | M] (Silitek Corp.) -- C:\WINDOWS\system32\Sktempdm.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 21:47:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramsey\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/07/04 07:43:48 | 000,682,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswAux.dll
MOD - [2011/07/04 07:43:48 | 000,313,080 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MOD - [2011/07/04 07:43:48 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2011/07/04 07:43:48 | 000,162,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MOD - [2011/07/04 07:43:48 | 000,046,328 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MOD - [2011/07/04 07:43:47 | 000,095,232 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MOD - [2011/07/04 07:43:45 | 000,182,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashBase.dll
MOD - [2011/07/04 07:43:45 | 000,150,352 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTask.dll
MOD - [2011/07/04 07:43:44 | 000,105,520 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AhAScr.dll
MOD - [2011/07/04 07:43:42 | 000,311,544 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Aavm4h.dll
MOD - [2011/07/04 07:43:42 | 000,070,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/13 18:37:56 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2011/03/04 02:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vbscript.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll
MOD - [2008/04/13 20:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:12:09 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll
MOD - [2008/04/13 20:12:08 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll
MOD - [2008/04/13 20:12:08 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemdisp.dll
MOD - [2008/04/13 20:12:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll
MOD - [2008/04/13 20:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll
MOD - [2008/04/13 20:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
MOD - [2008/04/13 20:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/29 08:44:32 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/20 09:45:44 | 000,000,044 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\Temp\MouseDriver.bat -- (MouseDriver)
SRV - [2011/02/21 20:29:34 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/04/08 06:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/05/29 17:57:22 | 000,198,184 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/10/01 18:56:01 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/10/01 18:55:51 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/06/14 07:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdkcoms.exe -- (lxdk_device)
SRV - [2007/06/14 07:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2006/03/17 07:34:24 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/03/17 07:34:20 | 001,799,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/03/17 07:34:12 | 000,030,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/03/07 14:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/07 14:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/06 13:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/02/25 12:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/29 12:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\naveng.sys -- (NAVENG)
DRV - [2010/05/28 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/05/21 14:00:00 | 000,057,984 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/08/21 19:22:06 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/06 13:50:22 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/31 14:29:20 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/10/04 17:57:16 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/10/04 17:57:14 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/10/04 17:57:12 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/06/17 10:05:46 | 000,136,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (SoC PC-Camera Service)
DRV - [2001/07/27 09:25:38 | 000,014,048 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\skusbkbf.sys -- (SKUSBKBF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1606980848-2147239855-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1606980848-2147239855-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1606980848-2147239855-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 25 20 B7 5C 43 CC 01 [binary data]
IE - HKU\S-1-5-21-1606980848-2147239855-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://laserpointerforums.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://search.freeca...&type=62133&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Ramsey\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Ramsey\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/15 14:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{556CA317-5683-401E-8154-1AB1B88D1BC7}: C:\Documents and Settings\Ramsey\Local Settings\Application Data\{556CA317-5683-401E-8154-1AB1B88D1BC7} [2011/05/20 09:47:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/15 13:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 10:12:37 | 000,000,000 | ---D | M]

[2010/09/15 21:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Extensions
[2010/09/15 21:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/15 21:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\extensions
[2010/11/14 23:24:08 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\extensions\[email protected]
[2011/07/15 13:48:27 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\extensions\[email protected](2).org
[2010/12/14 12:06:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\searchplugins\search-the-web.xml
[2011/07/10 01:26:49 | 000,001,524 | ---- | M] () -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\searchplugins\swagbuckscom.xml
[2011/03/23 19:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/17 21:20:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/20 09:47:35 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RAMSEY\LOCAL SETTINGS\APPLICATION DATA\{556CA317-5683-401E-8154-1AB1B88D1BC7}
[2011/07/15 14:15:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/05/17 21:20:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 13:00:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/05/17 21:20:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/20 09:46:11 | 000,002,159 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 18 more lines...
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O2 - BHO: (AvayaIEHlprObj Class) - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKLM\..\Toolbar: (Club Bing Toolbar) - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011\..\Toolbar\WebBrowser: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4C21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Detect Kbd Daemon] C:\WINDOWS\System32\SK2000DM.EXE (Silitek Corp.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxdkamon] C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
O4 - HKLM..\Run: [lxdkmon.exe] C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge Solutions Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Vnotiloxegirif] File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011..\Run: [lavsstr70.exe] File not found
O4 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011..\Run: [Ujoyocohuvil] File not found
O4 - Startup: C:\Documents and Settings\administrator\Start Menu\Programs\Startup\Psi.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
O4 - Startup: C:\Documents and Settings\Doug.IBM8183CTO\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = File not found
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\UniversalCallerID.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.h...llMgr_v01_6.cab (FixController Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1155902832866 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ramsey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ramsey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/21 18:00:54 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/08/17 15:48:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6089992d-2b04-11de-bb95-000d60b6db89}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Desktop\RK_Quarantine
[2011/07/15 21:47:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ramsey\Desktop\OTL.exe
[2011/07/12 11:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Desktop\Episodes (Squids & S.P.)
[2011/06/27 08:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Desktop\Camera pics
[2011/06/21 10:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Application Data\acccore
[2011/06/21 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\AOL
[2011/06/21 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\AIM
[2011/06/21 10:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/06/21 10:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/06/21 10:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2011/06/21 10:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/06/21 10:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/09/08 11:51:18 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkserv.dll
[2010/09/08 11:51:18 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkusb1.dll
[2010/09/08 11:51:18 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkhcp.dll
[2010/09/08 11:51:18 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkinpa.dll
[2010/09/08 11:51:18 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkiesc.dll
[2010/09/08 11:51:17 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkhbn3.dll
[2010/09/08 11:51:17 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkpmui.dll
[2010/09/08 11:51:17 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdklmpm.dll
[2010/09/08 11:51:17 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkih.exe
[2010/09/08 11:51:17 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkprox.dll
[2010/09/08 11:51:16 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcomc.dll
[2010/09/08 11:51:16 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcoms.exe
[2010/09/08 11:51:16 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcfg.exe
[2010/09/08 11:51:16 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcomm.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 07:14:18 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2147239855-839522115-1011UA.job
[2011/07/17 07:13:23 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Ramsey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/17 07:13:22 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Ramsey\Desktop\Google Chrome.lnk
[2011/07/17 07:01:21 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/07/17 07:01:20 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 06:59:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/17 06:56:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 06:56:26 | 1064,357,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 21:47:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramsey\Desktop\OTL.exe
[2011/07/15 18:11:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2147239855-839522115-1011Core.job
[2011/07/15 16:15:33 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/15 16:15:33 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/15 14:22:30 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/15 14:22:11 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/13 11:17:02 | 000,090,728 | ---- | M] () -- C:\Documents and Settings\Ramsey\Desktop\James'_milestones.rtf
[2011/07/12 10:25:51 | 000,016,188 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7o6hg12ltxma4w6
[2011/07/12 10:25:50 | 000,016,188 | -HS- | M] () -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\7o6hg12ltxma4w6
[2011/07/12 02:00:08 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-IBM8183CTO-Ramsey.job
[2011/07/10 00:10:15 | 000,467,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/10 00:10:15 | 000,081,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/09 22:53:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/01 09:16:06 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 11:54:08 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/27 08:42:37 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/21 10:13:05 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2011/06/21 10:12:49 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Ramsey\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/21 10:12:49 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/15 14:00:00 | 1064,357,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/12 01:44:23 | 000,016,188 | -HS- | C] () -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\7o6hg12ltxma4w6
[2011/07/12 01:44:23 | 000,016,188 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7o6hg12ltxma4w6
[2011/06/21 10:12:49 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Ramsey\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/21 10:12:49 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/06/21 10:12:05 | 000,000,374 | -H-- | C] () -- C:\IPH.PH
[2011/05/20 09:47:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lvoqilahacafof.dat
[2011/05/20 09:47:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xtunobacagayus.bin
[2011/05/08 22:34:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/08 22:34:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/04 09:24:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Ramsey\Application Data\Adobe IllExport Filter CS5 Prefs
[2011/05/02 16:34:27 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/23 01:55:01 | 000,480,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/21 11:16:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2011/01/21 11:16:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2010/11/08 13:33:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Ramsey\Application Data\Adobe BMP Format CS5 Prefs
[2010/09/08 11:52:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdkvs.dll
[2010/09/08 11:52:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdkcoin.dll
[2010/09/08 11:52:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdkcaps.dll
[2010/09/08 11:52:13 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdkdrs.dll
[2010/09/08 11:52:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdkcnv4.dll
[2010/09/08 11:51:18 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdkinst.dll
[2010/09/08 11:51:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdkgrd.dll
[2010/08/05 19:44:25 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 23:18:43 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC80UI.dat
[2010/07/02 23:14:29 | 000,000,200 | ---- | C] () -- C:\WINDOWS\AUDC80UI.dat
[2010/03/18 14:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/14 16:49:26 | 000,000,726 | ---- | C] () -- C:\WINDOWS\WORDZAP.INI
[2009/12/11 12:12:13 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/11 12:12:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/11 12:12:10 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/11 12:12:10 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/11 12:12:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/12/25 16:09:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/11/13 19:52:43 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/11/13 19:52:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/09/03 19:58:07 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/09/03 19:58:06 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2008/09/03 19:58:01 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2008/09/03 19:58:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2008/09/03 19:58:01 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2008/09/03 19:57:48 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2008/09/03 19:37:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2008/06/06 13:51:31 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/06/06 13:51:31 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/06/06 13:51:31 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/06/06 13:51:30 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/06/05 08:23:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/05/29 17:57:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\aicext.dll
[2008/05/11 08:11:05 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2008/05/11 08:11:05 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2008/05/11 08:11:05 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2008/05/11 08:11:05 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2008/05/11 08:11:04 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/05/11 08:11:04 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/05/07 10:23:50 | 000,000,010 | ---- | C] () -- C:\WINDOWS\PureEdgeAPI.ini
[2008/04/10 18:30:53 | 000,000,379 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/04/01 16:32:34 | 000,008,496 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2007/12/29 00:43:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/05/10 07:09:25 | 000,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/08 18:55:01 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\NSVIDEO.dll
[2007/05/08 18:51:31 | 000,005,561 | ---- | C] () -- C:\WINDOWS\EZPhotoTools2.ini
[2007/05/08 18:50:40 | 000,001,014 | ---- | C] () -- C:\WINDOWS\EZPhotoBrowser2.ini
[2007/05/08 18:48:06 | 000,000,816 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2006/09/24 14:37:00 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/18 08:05:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/18 07:52:04 | 000,000,021 | ---- | C] () -- C:\WINDOWS\agent.ini
[2006/08/17 15:51:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/17 15:44:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/17 11:38:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/17 11:37:01 | 003,690,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,467,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,081,780 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/02 08:42:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2004/06/17 10:05:46 | 000,136,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.SYS
[2004/01/08 10:30:22 | 000,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003/02/11 09:58:50 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

========== LOP Check ==========

[2006/08/23 14:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\IsolatedStorage
[2011/06/21 10:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/02/21 20:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/05/02 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/11/14 21:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/05/28 19:27:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/11 13:23:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/06/11 13:33:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/11/14 09:57:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/30 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2008/04/24 13:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/11/14 09:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/07 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/05/07 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2010/10/31 16:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/02 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2008/04/16 16:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/08/04 19:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/12/14 12:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/08/04 19:19:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2008/05/11 12:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug.IBM8183CTO\Application Data\PureEdge
[2007/06/26 00:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug.IBM8183CTO\Application Data\Transparent
[2011/05/22 08:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\07CF8C0C3FBC7FF9DF93D6D999D70963
[2011/06/21 10:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\acccore
[2011/02/22 18:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Autodesk
[2010/11/14 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\AVG10
[2010/08/25 11:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Canon Easy-WebPrint EX
[2011/01/21 13:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/30 02:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\DraftSight
[2011/03/15 15:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\FreeAudioPack
[2010/09/08 11:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Lexmark Productivity Studio
[2011/02/07 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\NCH Swift Sound
[2010/10/06 11:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\OpenOffice.org
[2010/08/02 15:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\PureEdge
[2011/02/04 13:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\SmartDraw
[2010/11/01 23:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/09/15 21:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Thunderbird
[2011/05/04 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\uTorrent
[2010/12/14 11:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Worldwinner
[2008/08/23 19:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\PureEdge
[2010/06/11 13:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Canon
[2010/05/28 20:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Canon Easy-WebPrint EX
[2008/04/24 13:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\HotSync
[2008/04/24 14:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Leadertech
[2007/12/05 23:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\LimeWire
[2010/06/11 20:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\OpenOffice.org
[2008/05/07 11:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\PureEdge
[2010/08/15 18:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\SuperNZB
[2007/12/06 00:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\TomTom
[2010/03/28 16:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\uTorrent
[2007/11/08 20:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Visio
[2007/06/11 18:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\ZZZSun
[2011/07/17 06:59:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/02/10 23:36:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2011/07/17 07:01:21 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2010/07/18 21:50:05 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\SyncFiles.job
[2011/04/26 20:27:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\tonegenShakeIcon.job
[2011/02/10 23:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/05 13:01:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/05 13:01:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/05 13:01:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/05 13:00:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/05 13:00:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/05 13:00:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

#6
Essexboy

On completion of this run, can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/12/14 12:06:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\searchplugins\search-the-web.xml
    [2011/07/10 01:26:49 | 000,001,524 | ---- | M] () -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\searchplugins\swagbuckscom.xml
    [2011/05/20 09:47:35 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RAMSEY\LOCAL SETTINGS\APPLICATION DATA\{556CA317-5683-401E-8154-1AB1B88D1BC7}
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
    O2 - BHO: (AvayaIEHlprObj Class) - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
    O4 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011..\Run: [lavsstr70.exe] File not found
    O4 - HKU\S-1-5-21-1606980848-2147239855-839522115-1011..\Run: [Ujoyocohuvil] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    [2011/07/12 10:25:51 | 000,016,188 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7o6hg12ltxma4w6
    [2011/07/12 10:25:50 | 000,016,188 | -HS- | M] () -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\7o6hg12ltxma4w6
    [2011/05/20 09:47:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lvoqilahacafof.dat
    [2011/05/20 09:47:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xtunobacagayus.bin

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Ramsey\Local Settings\Application Data\7o6hg12ltxma4w6
    C:\Documents and Settings\All Users\Application Data\7o6hg12ltxma4w6

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#7
Ramsey101

Ok, thank you. I still had one of the error messages pop up at startup, "Error loading C:\WINDOWS\ivequvacaxojuxap.dll". What is that anyway?

Here is the log that came up when I rebooted after doing run fix:


All processes killed
========== OTL ==========
C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\searchplugins\search-the-web.xml moved successfully.
C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\searchplugins\swagbuckscom.xml moved successfully.
C:\DOCUMENTS AND SETTINGS\RAMSEY\LOCAL SETTINGS\APPLICATION DATA\{556CA317-5683-401E-8154-1AB1B88D1BC7}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\RAMSEY\LOCAL SETTINGS\APPLICATION DATA\{556CA317-5683-401E-8154-1AB1B88D1BC7}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\RAMSEY\LOCAL SETTINGS\APPLICATION DATA\{556CA317-5683-401E-8154-1AB1B88D1BC7} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6DF0B46-7D6F-407A-A6A2-62D17A021A9A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6DF0B46-7D6F-407A-A6A2-62D17A021A9A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1606980848-2147239855-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Run\\lavsstr70.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1606980848-2147239855-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Run\\Ujoyocohuvil deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Application Data\7o6hg12ltxma4w6 moved successfully.
C:\Documents and Settings\Ramsey\Local Settings\Application Data\7o6hg12ltxma4w6 moved successfully.
C:\WINDOWS\Lvoqilahacafof.dat moved successfully.
C:\WINDOWS\Xtunobacagayus.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ramsey\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ramsey\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Ramsey\Local Settings\Application Data\7o6hg12ltxma4w6 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\7o6hg12ltxma4w6 not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 515851 bytes

User: Administrator.IBM8183CTO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ADMINI~1~ORL

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: doug
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Doug.IBM8183CTO
->Temp folder emptied: 5811054 bytes
->Temporary Internet Files folder emptied: 7716998 bytes
->Java cache emptied: 4909376 bytes
->Flash cache emptied: 44052 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 10075796 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1220639 bytes

User: Ramsey
->Temp folder emptied: 1062501367 bytes
->Temporary Internet Files folder emptied: 5033722 bytes
->Java cache emptied: 2859192 bytes
->FireFox cache emptied: 54251152 bytes
->Google Chrome cache emptied: 389305035 bytes
->Flash cache emptied: 2873196 bytes

User: Robin
->Temp folder emptied: 1179331 bytes
->Temporary Internet Files folder emptied: 32720557 bytes
->Java cache emptied: 7617599 bytes
->FireFox cache emptied: 3389237 bytes
->Flash cache emptied: 3978 bytes

User: Todd
->Temp folder emptied: 288106774 bytes
->Temporary Internet Files folder emptied: 29232518 bytes
->Java cache emptied: 55607239 bytes
->FireFox cache emptied: 88729127 bytes
->Flash cache emptied: 115838 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 24136209 bytes
%systemroot%\System32\dllcache .tmp files removed: 2938368 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58157581 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 119015614 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2132356 bytes

Total Files Cleaned = 2,158.00 mb


[EMPTYFLASH]

User: administrator

User: Administrator.IBM8183CTO

User: ADMINI~1~ORL

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: doug

User: Doug.IBM8183CTO
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Ramsey
->Flash cache emptied: 0 bytes

User: Robin
->Flash cache emptied: 0 bytes

User: Todd
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 07172011_160038

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6e4.dat not found!

Registry entries deleted on Reboot...


And here is the log after running the last quick scan:

OTL logfile created on: 7/17/2011 4:16:36 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Ramsey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.98 Mb Total Physical Memory | 369.89 Mb Available Physical Memory | 36.44% Memory free
4.90 Gb Paging File | 4.54 Gb Available in Paging File | 92.75% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 146.74 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: IBM8183CTO | User Name: Ramsey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 21:47:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramsey\Desktop\OTL.exe
PRC - [2011/07/15 14:08:48 | 003,485,480 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/04/08 06:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/05/29 17:57:22 | 000,298,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2008/05/29 17:57:22 | 000,198,184 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2008/05/29 17:57:22 | 000,141,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/14 07:15:34 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdkcoms.exe
PRC - [2006/03/17 07:34:12 | 000,030,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/03/07 14:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/07 14:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/07 14:02:14 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/02/06 13:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/01/13 03:14:58 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2005/07/04 09:50:04 | 000,643,072 | ---- | M] (PureEdge Solutions Inc.) -- C:\Program Files\PureEdge\Viewer 6.5\masqform.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2001/04/28 06:57:38 | 000,036,864 | ---- | M] (Silitek Corp.) -- C:\WINDOWS\system32\SK2000DM.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/15 21:47:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramsey\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Auto | Stopped] -- -- (MouseDriver)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/29 08:44:32 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/21 20:29:34 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/04/08 06:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/05/29 17:57:22 | 000,198,184 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/10/01 18:56:01 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/10/01 18:55:51 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/06/14 07:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdkcoms.exe -- (lxdk_device)
SRV - [2007/06/14 07:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2006/03/17 07:34:24 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/03/17 07:34:20 | 001,799,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/03/17 07:34:12 | 000,030,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/03/07 14:03:02 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/07 14:02:34 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/06 13:50:24 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/02/25 12:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/29 12:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\navex15.sys -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\naveng.sys -- (NAVENG)
DRV - [2010/05/28 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/05/21 14:00:00 | 000,057,984 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/08/21 19:22:06 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/06 13:50:22 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/31 14:29:20 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/10/04 17:57:16 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/10/04 17:57:14 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/10/04 17:57:12 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/06/17 10:05:46 | 000,136,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (SoC PC-Camera Service)
DRV - [2001/07/27 09:25:38 | 000,014,048 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\skusbkbf.sys -- (SKUSBKBF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://laserpointerforums.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 25 20 B7 5C 43 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://laserpointerforums.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://search.freeca...&type=62133&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Ramsey\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Ramsey\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ramsey\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/15 14:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{556CA317-5683-401E-8154-1AB1B88D1BC7}: C:\Documents and Settings\Ramsey\Local Settings\Application Data\{556CA317-5683-401E-8154-1AB1B88D1BC7}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/15 13:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 10:12:37 | 000,000,000 | ---D | M]

[2010/09/15 21:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Extensions
[2010/09/15 21:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/15 21:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\extensions
[2010/11/14 23:24:08 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\extensions\[email protected]
[2011/07/15 13:48:27 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Documents and Settings\Ramsey\Application Data\Mozilla\Firefox\Profiles\bes1b48f.default\extensions\[email protected](2).org
[2011/03/23 19:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/17 21:20:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RAMSEY\LOCAL SETTINGS\APPLICATION DATA\{556CA317-5683-401E-8154-1AB1B88D1BC7}
[2011/07/15 14:15:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/05/17 21:20:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 13:00:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/05/17 21:20:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/17 16:01:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar) - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Club Bing Toolbar\Toolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4c21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Club Bing Toolbar Helper) - {B771FEA3-2A05-4C21-B1E2-55551A97D520} - C:\Program Files\Club Bing Toolbar Helper\Bmbho.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Detect Kbd Daemon] C:\WINDOWS\System32\SK2000DM.EXE (Silitek Corp.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxdkamon] C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
O4 - HKLM..\Run: [lxdkmon.exe] C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge Solutions Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Vnotiloxegirif] File not found
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.h...llMgr_v01_6.cab (FixController Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1155902832866 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ramsey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ramsey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/21 18:00:54 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/08/17 15:48:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6089992d-2b04-11de-bb95-000d60b6db89}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 16:00:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/15 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Desktop\RK_Quarantine
[2011/07/15 21:47:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ramsey\Desktop\OTL.exe
[2011/07/12 11:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Desktop\Episodes (Squids & S.P.)
[2011/06/27 08:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Desktop\Camera pics
[2011/06/21 10:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Application Data\acccore
[2011/06/21 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\AOL
[2011/06/21 10:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\AIM
[2011/06/21 10:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/06/21 10:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/06/21 10:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2011/06/21 10:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/06/21 10:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/09/08 11:51:18 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkserv.dll
[2010/09/08 11:51:18 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkusb1.dll
[2010/09/08 11:51:18 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkhcp.dll
[2010/09/08 11:51:18 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkinpa.dll
[2010/09/08 11:51:18 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkiesc.dll
[2010/09/08 11:51:17 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkhbn3.dll
[2010/09/08 11:51:17 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkpmui.dll
[2010/09/08 11:51:17 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdklmpm.dll
[2010/09/08 11:51:17 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkih.exe
[2010/09/08 11:51:17 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkprox.dll
[2010/09/08 11:51:16 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcomc.dll
[2010/09/08 11:51:16 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcoms.exe
[2010/09/08 11:51:16 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcfg.exe
[2010/09/08 11:51:16 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdkcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/07/17 16:16:22 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/07/17 16:16:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/17 16:16:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 16:13:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 16:13:29 | 1064,357,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/17 16:01:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/17 09:11:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2147239855-839522115-1011UA.job
[2011/07/17 07:13:23 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Ramsey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/17 07:13:22 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Ramsey\Desktop\Google Chrome.lnk
[2011/07/15 21:47:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramsey\Desktop\OTL.exe
[2011/07/15 18:11:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-2147239855-839522115-1011Core.job
[2011/07/15 16:15:33 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/15 16:15:33 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/15 14:22:30 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/15 14:22:11 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/13 11:17:02 | 000,090,728 | ---- | M] () -- C:\Documents and Settings\Ramsey\Desktop\James'_milestones.rtf
[2011/07/12 02:00:08 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-IBM8183CTO-Ramsey.job
[2011/07/10 00:10:15 | 000,467,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/10 00:10:15 | 000,081,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/09 22:53:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/01 09:16:06 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 11:54:08 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/27 08:42:37 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/21 10:13:05 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2011/06/21 10:12:49 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Ramsey\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/21 10:12:49 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk

========== Files Created - No Company Name ==========

[2011/07/15 14:00:00 | 1064,357,888 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/21 10:12:49 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Ramsey\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/21 10:12:49 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/06/21 10:12:05 | 000,000,374 | -H-- | C] () -- C:\IPH.PH
[2011/05/08 22:34:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/08 22:34:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/04 09:24:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Ramsey\Application Data\Adobe IllExport Filter CS5 Prefs
[2011/05/02 16:34:27 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/23 01:55:01 | 000,480,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/21 11:16:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2011/01/21 11:16:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2010/11/08 13:33:17 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Ramsey\Application Data\Adobe BMP Format CS5 Prefs
[2010/09/08 11:52:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdkvs.dll
[2010/09/08 11:52:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdkcoin.dll
[2010/09/08 11:52:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdkcaps.dll
[2010/09/08 11:52:13 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdkdrs.dll
[2010/09/08 11:52:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdkcnv4.dll
[2010/09/08 11:51:18 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdkinst.dll
[2010/09/08 11:51:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdkgrd.dll
[2010/08/05 19:44:25 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Ramsey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 23:18:43 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC80UI.dat
[2010/07/02 23:14:29 | 000,000,200 | ---- | C] () -- C:\WINDOWS\AUDC80UI.dat
[2010/03/18 14:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/14 16:49:26 | 000,000,726 | ---- | C] () -- C:\WINDOWS\WORDZAP.INI
[2009/12/11 12:12:13 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/11 12:12:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/11 12:12:10 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/11 12:12:10 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/11 12:12:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/12/25 16:09:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/11/13 19:52:43 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/11/13 19:52:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/09/03 19:58:07 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/09/03 19:58:06 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2008/09/03 19:58:01 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2008/09/03 19:58:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2008/09/03 19:58:01 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2008/09/03 19:57:48 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2008/09/03 19:37:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\BMUpdate.ini
[2008/06/06 13:51:31 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/06/06 13:51:31 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/06/06 13:51:31 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/06/06 13:51:30 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/06/05 08:23:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/05/29 17:57:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\aicext.dll
[2008/05/11 08:11:05 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2008/05/11 08:11:05 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2008/05/11 08:11:05 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2008/05/11 08:11:05 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2008/05/11 08:11:04 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/05/11 08:11:04 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/05/07 10:23:50 | 000,000,010 | ---- | C] () -- C:\WINDOWS\PureEdgeAPI.ini
[2008/04/10 18:30:53 | 000,000,379 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/04/01 16:32:34 | 000,008,496 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2007/12/29 00:43:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/05/10 07:09:25 | 000,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/08 18:55:01 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\NSVIDEO.dll
[2007/05/08 18:51:31 | 000,005,561 | ---- | C] () -- C:\WINDOWS\EZPhotoTools2.ini
[2007/05/08 18:50:40 | 000,001,014 | ---- | C] () -- C:\WINDOWS\EZPhotoBrowser2.ini
[2007/05/08 18:48:06 | 000,000,816 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2006/09/24 14:37:00 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/18 08:05:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/18 07:52:04 | 000,000,021 | ---- | C] () -- C:\WINDOWS\agent.ini
[2006/08/17 15:51:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/17 15:44:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/17 11:38:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/17 11:37:01 | 003,690,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,467,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,081,780 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/02 08:42:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2004/06/17 10:05:46 | 000,136,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.SYS
[2004/01/08 10:30:22 | 000,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003/02/11 09:58:50 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

========== LOP Check ==========

[2011/06/21 10:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/02/21 20:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/05/02 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/11/14 21:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/05/28 19:27:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/11 13:23:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/06/11 13:33:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/11/14 09:57:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/30 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2008/04/24 13:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/11/14 09:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/07 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/05/07 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2010/10/31 16:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/02 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2008/04/16 16:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/08/04 19:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/12/14 12:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/08/04 19:19:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2011/05/22 08:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\07CF8C0C3FBC7FF9DF93D6D999D70963
[2011/06/21 10:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\acccore
[2011/02/22 18:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Autodesk
[2010/11/14 10:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\AVG10
[2010/08/25 11:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Canon Easy-WebPrint EX
[2011/01/21 13:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/30 02:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\DraftSight
[2011/03/15 15:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\FreeAudioPack
[2010/09/08 11:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Lexmark Productivity Studio
[2011/02/07 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\NCH Swift Sound
[2010/10/06 11:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\OpenOffice.org
[2010/08/02 15:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\PureEdge
[2011/02/04 13:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\SmartDraw
[2010/11/01 23:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/09/15 21:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Thunderbird
[2011/05/04 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\uTorrent
[2010/12/14 11:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramsey\Application Data\Worldwinner
[2011/07/17 16:16:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/02/10 23:36:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2011/07/17 16:16:22 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2010/07/18 21:50:05 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\SyncFiles.job
[2011/04/26 20:27:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\tonegenShakeIcon.job
[2011/02/10 23:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Last one to go and we will use RogueKiller for this. Are you still getting redirects?

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.