Attached Files
-
Capture5_RootAppealError.zip 25.77KB
271 downloads
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] Computers Will Be The Death Of Me
Started by
JimByTheRiver
, Sep 19 2009 06:28 AM
-
This topic is locked
28 replies to this topic
#1
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 19 September 2009 - 06:28 AM
Register to Remove
#2
oldman960
-
- Retired Classroom Teacher
-
- 14,770 posts
Forum God
Posted 20 September 2009 - 02:52 AM
Hi JimByTheRiver, welcome to the forum.
To make cleaning this machine easier
As a Vista user you will need to right click the files and select "Run as Administrator" to run our tools.
Download and run Win32kDiag:
Thanks
To make cleaning this machine easier
- Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs. - Please do not run any scans other than those requested
- Please follow all instructions in the order posted
- All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
- Do not attach any logs/reports, etc.. unless specifically requested to do so.
- If you have problems with or do not understand the instructions, Please ask before continuing.
- Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.
As a Vista user you will need to right click the files and select "Run as Administrator" to run our tools.
Download and run Win32kDiag:
- Download Win32kDiag from any of the following locations and save it to your Desktop.
- Right click Win32kDiag.exe and choose Run as Administrator to run Win32kDiag and let it finish.
- When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
- Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
- To ensure the entire contents are copied, please right click anywhere on the text and choose Select All
- Right click the highlighted text and select copy
Thanks
Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself
Microsoft MVP 2011-2015
Threads will be closed if no response after 5 days.
#3
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 20 September 2009 - 04:03 AM
Thank you, oldman960
It is a cloudy morning here in Liverpool, UK.
Expected to brighten up later, though.
I don't know how long I am expected to let run the program Win32kDiag.
But on the basis that you are trying to look at the log files, this is all I am getting:
Cannot access c:\Windows\System32\LogFiles\WMI\RTBackup|EtwRDialLog.et1
Jim
#4
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 20 September 2009 - 04:17 AM
Apologies oldman960. Found the.txt file when I signed in as administrator.
I'm just, well, not quite getting this computer-lark.
Here is the full .txt
Running from: C:\Users\jim.TOSH-A100-338\Desktop\Win32kDiag.exe
Log file at : C:\Users\COMPUTER SURGERY\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2009-09-20 09:45:53 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2009-09-20 09:45:34 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
#5
oldman960
-
- Retired Classroom Teacher
-
- 14,770 posts
Forum God
Posted 20 September 2009 - 09:34 AM
Hi JimByTheRiver,
We need some file informantion
Download OTListIt2 to your desktop.
Please post back with
No problem.Apologies oldman960.
We need some file informantion
- Make sure to use Internet Explorer for this
- Please go to VirSCAN.org FREE on-line scan service
- Copy and paste the following file path, one at a time, into the "Suspicious files to scan" box on the top of the page
- Please ensure the scan is complete and the results saved before submtting the next one
c:\users\computer surgery\appdata\local\pipyjsc.exe
c:\users\computer surgery\appdata\local\xparbu.exe
- Click on the Upload button
- If a pop-up appears saying the file has been scanned already, please select the ReScan button.
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
Download OTListIt2 to your desktop.
- Right click on OTL.exe and choose Run as Administrator to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output
- In the Extra Registry section, change it to None
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
Please post back with
- VirScan results
- OTL log
Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself
Microsoft MVP 2011-2015
Threads will be closed if no response after 5 days.
#6
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 20 September 2009 - 12:42 PM
Thank you 960 (I can't call you 'oldman')
A few points:
1. VirSCAN.org is down. It says it will take a day to fix.
2. When I looked for pipyjsc.exe & xparbu.exe they were not in your stated folder.
(I had selected 'Show hidden files' in Folder options.)
There were .bat files of both.
I thought (fool!) I would look in pipyjsc.bat to see what was in it, but it ran and uninstalled something (ouch!).
3. My last restore point was yesterday (19 Sept, 15:23), so I restored to that point.
4. When I looked back into the stated folder there was now both an .exe and a .bat of both files.
Am I going mad or is this just normal for computer-users?
Thanks (I'm learning a lot),
Jim.
Took a few hits to try to run OTL... How I'm doing?
OTL logfile created on: 20/09/2009 19:31:10 - Run 3
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\COMPUTER SURGERY\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 96.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.69 Gb Total Space | 36.38 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSH-A100-338
Current User Name: COMPUTER SURGERY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe (irritation)
PRC - C:\Program Files\Common Files\IE7 Pro\IEPro\MiniDM.exe (IE7Pro.com)
PRC - C:\Windows\notepad.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Users\COMPUTER SURGERY\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (lxdiCATSCustConnectService [Auto | Stopped]) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe (Lexmark International, Inc.)
SRV - (lxdi_device [Auto | Running]) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athrusb [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athrusb.sys (Atheros Communications, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (snapman [Boot | Running]) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdm.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (tifsfilter [Auto | Running]) -- C:\Windows\System32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 14:51:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/29 17:56:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Common Files\Quick Time 7.5\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ekraixf] c:\users\computer surgery\appdata\local\ekraixf.exe (irritation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [xparbu] c:\users\computer surgery\appdata\local\xparbu.exe (encabanai)
O4 - HKLM..\RunOnce: [AirShare] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe 0;1;1;1.6.65;C File not found
O4 - Startup: C:\Users\COMPUTER SURGERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/20 19:05:19 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\Documents\My Downloads
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/09/20 18:57:49 | 00,003,444 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/20 18:57:49 | 00,001,503 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/20 18:57:48 | 00,225,280 | ---- | C] (irritation) -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
[2009/09/20 18:39:07 | 00,001,699 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 18:08:25 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2009/09/20 11:10:26 | 00,001,405 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 11:10:25 | 00,498,653 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/20 11:10:25 | 00,003,330 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/19 12:19:49 | 00,000,857 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 12:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PeaZip
[2009/09/19 11:42:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/19 11:38:56 | 00,000,862 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/19 11:38:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ERUNT
[2009/09/12 18:10:00 | 00,000,100 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.bat
[2009/09/12 18:09:57 | 00,237,568 | ---- | C] (encabanai) -- C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.exe
[2009/09/12 17:14:56 | 00,000,101 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/12 16:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\IE7 Pro
[2009/09/12 16:21:04 | 00,813,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/12 16:21:03 | 00,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/09/12 16:21:03 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/09/12 16:21:03 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/12 16:21:03 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/12 16:21:03 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/09/12 16:21:03 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/12 16:21:03 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/12 16:21:03 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/12 16:21:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/12 16:21:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/12 16:21:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/12 16:21:03 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/12 16:20:14 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/09/12 16:20:14 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/12 16:20:13 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/12 16:20:05 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/12 16:20:04 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/12 16:20:03 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/09/12 16:20:03 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/09/12 16:20:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/09/12 16:20:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/09/12 16:18:46 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/12 16:18:46 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/12 16:18:46 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/12 16:18:46 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/12 16:18:46 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/12 16:18:46 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/09/12 16:18:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/12 16:18:40 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 15:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2009/09/06 17:24:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/09/06 15:49:34 | 00,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/09/06 15:49:34 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/09/06 15:49:34 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/09/06 15:49:33 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/09/06 15:49:33 | 00,408,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/09/06 15:49:33 | 00,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/09/06 15:49:33 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/09/06 15:49:33 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/09/05 11:37:34 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/05 10:51:15 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:14 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/05 10:51:12 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:04 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/05 10:51:01 | 41,503,105 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/05 10:51:01 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/05 10:51:01 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 10:51:01 | 00,112,070 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/05 10:51:01 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/05 10:51:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/31 15:00:18 | 00,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2009/08/31 14:57:30 | 00,001,387 | ---- | C] () -- C:\ProgramData\lxdi
[2009/08/31 14:45:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2009/08/31 14:24:06 | 00,000,000 | ---D | C] -- C:\logs
[2009/08/31 14:20:31 | 00,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2009/08/31 14:20:04 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2009/08/31 14:19:37 | 00,503,808 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiutil.dll
[2009/08/31 14:19:37 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/08/31 14:19:37 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/08/31 14:19:37 | 00,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/08/31 14:19:37 | 00,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009/08/31 14:19:36 | 01,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/08/31 14:19:36 | 00,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009/08/31 14:19:35 | 00,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/08/31 14:19:35 | 00,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/08/31 14:19:35 | 00,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009/08/31 14:19:35 | 00,208,896 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsb.dll
[2009/08/31 14:19:35 | 00,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiins.dll
[2009/08/31 14:19:35 | 00,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdijswr.dll
[2009/08/31 14:19:35 | 00,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsr.dll
[2009/08/31 14:19:34 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxdigf.dll
[2009/08/31 14:19:34 | 00,965,785 | ---- | C] () -- C:\Windows\System32\lxdihelp.chm
[2009/08/31 14:19:34 | 00,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/08/31 14:19:34 | 00,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009/08/31 14:19:34 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009/08/31 14:19:34 | 00,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicub.dll
[2009/08/31 14:19:34 | 00,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicu.dll
[2009/08/31 14:19:34 | 00,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicur.dll
[2009/08/31 14:19:33 | 00,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/08/31 14:19:33 | 00,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009/08/31 14:19:33 | 00,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2009/08/31 14:19:33 | 00,077,906 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxdicfg.dll
[2009/08/31 14:19:33 | 00,065,592 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:19:33 | 00,001,900 | ---- | C] () -- C:\Windows\System32\lxdi.loc
[2009/08/31 14:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2009/08/31 14:16:06 | 00,000,000 | ---D | C] -- C:\lexmark
[2009/08/31 14:15:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Lexmark X4450 driver
[2009/08/31 14:02:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/31 13:59:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/08/29 17:55:53 | 00,001,882 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 17:55:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/08/29 17:54:23 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/29 17:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Quick Time 7.5
[2009/08/29 17:16:50 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/08/29 16:54:37 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w31
[2009/08/29 16:54:37 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w32
[2009/08/29 16:54:37 | 00,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll
[2009/08/29 16:54:37 | 00,000,929 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:54:36 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Pcdlib32.dll
[2009/08/29 16:54:36 | 00,125,952 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50_32.dll
[2009/08/29 16:54:36 | 00,092,672 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50ip32.dll
[2009/08/29 16:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thumbs32
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/29 16:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\FTP Commander
[2009/08/29 16:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2009/08/29 16:13:21 | 00,392,320 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2009/08/29 16:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis True Image 10
[2009/08/29 14:17:48 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Mozilla
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Thunderbird
[2009/08/29 14:17:37 | 00,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 14:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/08/29 14:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunderbird 2
[2009/08/29 09:39:43 | 01,871,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/29 09:39:42 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/08/29 09:39:42 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/08/29 09:39:40 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/29 09:39:31 | 10,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/29 09:39:26 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/29 09:39:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/29 09:39:23 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/29 09:39:21 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/29 09:39:21 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/29 09:39:15 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/08/29 09:39:15 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/29 09:39:15 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/08/29 09:39:15 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/08/29 09:39:15 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/08/29 09:39:15 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/08/29 09:39:06 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/29 09:36:56 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/08/29 09:36:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/29 09:36:10 | 00,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2009/08/29 08:10:16 | 00,449,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athrusb.sys
[2009/08/29 08:10:16 | 00,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009/08/29 08:10:16 | 00,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2009/08/29 08:10:16 | 00,016,384 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009/08/29 08:10:16 | 00,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe
[2009/08/29 07:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hawking HWU8DD
[2009/08/18 14:50:06 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/08/11 15:06:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/03/30 10:13:24 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/03/23 15:44:46 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/09 14:07:06 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/23 19:40:16 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 01:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[2009/09/20 19:31:45 | 00,003,444 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/20 19:31:38 | 00,001,503 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/20 18:57:49 | 00,000,101 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/20 18:57:48 | 00,225,280 | ---- | M] (irritation) -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
[2009/09/20 18:41:31 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/20 18:41:31 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/20 18:41:30 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/20 18:39:07 | 00,001,699 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 18:34:44 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/20 18:34:44 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/20 18:34:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/20 18:34:32 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/20 18:34:16 | 32,107,97056 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/20 18:31:19 | 02,337,638 | -H-- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\IconCache.db
[2009/09/20 13:00:02 | 00,001,405 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 13:00:00 | 00,003,330 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/20 10:22:02 | 00,001,387 | ---- | M] () -- C:\ProgramData\lxdi
[2009/09/19 12:19:49 | 00,000,857 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 11:38:56 | 00,000,862 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/19 09:13:01 | 41,503,105 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/19 09:12:38 | 00,112,070 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/15 12:49:30 | 00,002,609 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Microsoft Office Word 2003.lnk
[2009/09/15 02:34:41 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/12 18:10:13 | 00,498,653 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/12 18:10:00 | 00,000,100 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.bat
[2009/09/12 18:09:57 | 00,237,568 | ---- | M] (encabanai) -- C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.exe
[2009/09/12 17:15:49 | 00,104,040 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/06 17:23:14 | 00,378,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/06 17:06:37 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/09/06 16:13:21 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/06 16:13:21 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/06 16:13:20 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/06 15:57:28 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 13:44:06 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2009/09/05 10:51:15 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:12 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:01 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/31 14:44:06 | 00,065,592 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:43:57 | 00,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2009/08/31 14:28:12 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/08/29 17:55:53 | 00,001,882 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 16:54:37 | 00,000,929 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/29 16:13:21 | 00,392,320 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 14:17:48 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:37 | 00,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 04:41:42 | 01,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/08/29 04:40:31 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/29 00:31:54 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
========== LOP Check ==========
[2009/09/20 19:03:13 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming
[2009/08/21 18:21:19 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Devicescape
[2009/09/20 18:08:25 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Media Center Programs
[2009/09/20 19:03:15 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/08/17 16:45:36 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\OpenOffice.org
[2009/08/18 15:07:23 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Samsung
[2009/08/29 14:17:45 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/11 15:31:55 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\WinBatch
[2009/09/20 18:34:36 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/19 09:01:03 | 00,028,086 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
Is what follows the 2nd file????
OTL Extras logfile created on: 20/09/2009 19:09:17 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\COMPUTER SURGERY\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 99.96% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.69 Gb Total Space | 36.38 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSH-A100-338
Current User Name: COMPUTER SURGERY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [+ Add to separate archive(s)] -- "C:\Program Files\Common files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\IE7 Pro\IEPro\MiniDM.exe" = C:\Program Files\Common Files\IE7 Pro\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D17431E-C64E-447D-9013-3A91BB449163}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{0F642881-2391-44FF-A419-AE3570FFA368}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{14ADAFDB-37FE-4C75-8BAA-7CCBB282D5D3}" = protocol=17 | dir=in | app=c:\users\computer surgery\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{178F4737-5E3C-4A22-A3C9-BBD8EDFAAF78}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{1C61EFB1-1C5F-4CC6-8945-B3FC676F1888}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{20DC58D2-638C-41CA-B3B0-D7A83B8E7A2B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{343F20C0-2B9C-4C27-8EE3-DD2777A15B23}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{463BF0C9-9546-4464-B7F7-D8AA741850F8}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{4B3EBB92-129E-4D67-8D98-5483338CD2E6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{937B16B6-5B46-4C47-AF8C-C9FE7490A90B}" = protocol=6 | dir=in | app=c:\users\computer surgery\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{9460DD2E-4408-4799-BB56-28CA109E9454}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{A0C8E22D-A1C1-4E37-8789-A675E77D9CCC}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{B866A930-5EC2-42DF-BD79-B491A12395D3}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{C77D25E2-0BC1-4594-B91E-D464533D42CF}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{E1F35C77-2117-495D-A40D-13447886436E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{EA3B3F61-5C4A-47A0-BA3B-3438053C07CC}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{EE91EAB4-FFD3-4FA5-9C40-AD6F43A09D53}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{F1C61CF2-C1FE-4D6F-80C3-EE5C80B3C08B}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"TCP Query User{75130A06-1F81-4053-BBCD-59E70057CD1C}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{7A89B573-36EC-419C-846B-AF0CA236D1A6}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{581CE7EA-A30D-0000-A215-088635773309}" = Atheros AR5007 Wireless LAN - USB
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74892A2F-57B2-48E4-81C3-1E21E12A470B}" = TOSHIBA Supervisor Password
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C50E8297-5485-432D-9E6F-53804A6F6EB9}" = Wi-Fi fastconnect
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG Free 8.5
"DriverAgent_is1" = DriverAgent by eSupport.com
"ERUNT_is1" = ERUNT 1.1j
"FTP Commander" = FTP Commander
"HDMI" = Intel® Graphics Media Accelerator Driver
"IE7Pro" = IE7Pro
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThumbsPlus version 3.0f2-S" = ThumbsPlus version 3.0f2-S
"xparbu" = Favorit
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/09/2009 12:54:08 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12/09/2009 13:10:57 | Computer Name = TOSH-A100-338 | Source = EventSystem | ID = 4621
Description =
Error - 12/09/2009 13:36:04 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 15/09/2009 11:59:58 | Computer Name = TOSH-A100-338 | Source = EventSystem | ID = 4621
Description =
Error - 20/09/2009 06:09:55 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20/09/2009 06:24:42 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20/09/2009 06:26:22 | Computer Name = TOSH-A100-338 | Source = EventSystem | ID = 4621
Description =
Error - 20/09/2009 13:02:17 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20/09/2009 13:08:24 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20/09/2009 13:08:25 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 20/09/2009 04:46:11 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 04:46:11 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7009
Description =
Error - 20/09/2009 04:46:11 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 07:55:06 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 07:55:06 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7009
Description =
Error - 20/09/2009 07:55:06 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 12:56:07 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 12:56:07 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7009
Description =
Error - 20/09/2009 12:56:07 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 13:13:41 | Computer Name = TOSH-A100-338 | Source = DCOM | ID = 10016
Description =
< End of report >
< End of report >
A few points:
1. VirSCAN.org is down. It says it will take a day to fix.
2. When I looked for pipyjsc.exe & xparbu.exe they were not in your stated folder.
(I had selected 'Show hidden files' in Folder options.)
There were .bat files of both.
I thought (fool!) I would look in pipyjsc.bat to see what was in it, but it ran and uninstalled something (ouch!).
3. My last restore point was yesterday (19 Sept, 15:23), so I restored to that point.
4. When I looked back into the stated folder there was now both an .exe and a .bat of both files.
Am I going mad or is this just normal for computer-users?
Thanks (I'm learning a lot),
Jim.
Took a few hits to try to run OTL... How I'm doing?
OTL logfile created on: 20/09/2009 19:31:10 - Run 3
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\COMPUTER SURGERY\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 96.42% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.69 Gb Total Space | 36.38 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSH-A100-338
Current User Name: COMPUTER SURGERY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe (irritation)
PRC - C:\Program Files\Common Files\IE7 Pro\IEPro\MiniDM.exe (IE7Pro.com)
PRC - C:\Windows\notepad.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Users\COMPUTER SURGERY\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (lxdiCATSCustConnectService [Auto | Stopped]) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe (Lexmark International, Inc.)
SRV - (lxdi_device [Auto | Running]) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athrusb [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athrusb.sys (Atheros Communications, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (snapman [Boot | Running]) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdm.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (tifsfilter [Auto | Running]) -- C:\Windows\System32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 14:51:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/29 17:56:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Common Files\Quick Time 7.5\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ekraixf] c:\users\computer surgery\appdata\local\ekraixf.exe (irritation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [xparbu] c:\users\computer surgery\appdata\local\xparbu.exe (encabanai)
O4 - HKLM..\RunOnce: [AirShare] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe 0;1;1;1.6.65;C File not found
O4 - Startup: C:\Users\COMPUTER SURGERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/20 19:05:19 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\Documents\My Downloads
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/09/20 18:57:49 | 00,003,444 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/20 18:57:49 | 00,001,503 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/20 18:57:48 | 00,225,280 | ---- | C] (irritation) -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
[2009/09/20 18:39:07 | 00,001,699 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 18:08:25 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2009/09/20 11:10:26 | 00,001,405 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 11:10:25 | 00,498,653 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/20 11:10:25 | 00,003,330 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/19 12:19:49 | 00,000,857 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 12:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PeaZip
[2009/09/19 11:42:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/19 11:38:56 | 00,000,862 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/19 11:38:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ERUNT
[2009/09/12 18:10:00 | 00,000,100 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.bat
[2009/09/12 18:09:57 | 00,237,568 | ---- | C] (encabanai) -- C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.exe
[2009/09/12 17:14:56 | 00,000,101 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/12 16:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\IE7 Pro
[2009/09/12 16:21:04 | 00,813,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/12 16:21:03 | 00,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/09/12 16:21:03 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/09/12 16:21:03 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/12 16:21:03 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/12 16:21:03 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/09/12 16:21:03 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/12 16:21:03 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/12 16:21:03 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/12 16:21:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/12 16:21:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/12 16:21:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/12 16:21:03 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/12 16:20:14 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/09/12 16:20:14 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/12 16:20:13 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/12 16:20:05 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/12 16:20:04 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/12 16:20:03 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/09/12 16:20:03 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/09/12 16:20:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/09/12 16:20:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/09/12 16:18:46 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/12 16:18:46 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/12 16:18:46 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/12 16:18:46 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/12 16:18:46 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/12 16:18:46 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/09/12 16:18:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/12 16:18:40 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 15:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2009/09/06 17:24:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/09/06 15:49:34 | 00,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/09/06 15:49:34 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/09/06 15:49:34 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/09/06 15:49:33 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/09/06 15:49:33 | 00,408,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/09/06 15:49:33 | 00,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/09/06 15:49:33 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/09/06 15:49:33 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/09/05 11:37:34 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/05 10:51:15 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:14 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/05 10:51:12 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:04 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/05 10:51:01 | 41,503,105 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/05 10:51:01 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/05 10:51:01 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 10:51:01 | 00,112,070 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/05 10:51:01 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/05 10:51:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/31 15:00:18 | 00,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2009/08/31 14:57:30 | 00,001,387 | ---- | C] () -- C:\ProgramData\lxdi
[2009/08/31 14:45:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2009/08/31 14:24:06 | 00,000,000 | ---D | C] -- C:\logs
[2009/08/31 14:20:31 | 00,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2009/08/31 14:20:04 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2009/08/31 14:19:37 | 00,503,808 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiutil.dll
[2009/08/31 14:19:37 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/08/31 14:19:37 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/08/31 14:19:37 | 00,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/08/31 14:19:37 | 00,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009/08/31 14:19:36 | 01,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/08/31 14:19:36 | 00,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009/08/31 14:19:35 | 00,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/08/31 14:19:35 | 00,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/08/31 14:19:35 | 00,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009/08/31 14:19:35 | 00,208,896 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsb.dll
[2009/08/31 14:19:35 | 00,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiins.dll
[2009/08/31 14:19:35 | 00,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdijswr.dll
[2009/08/31 14:19:35 | 00,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsr.dll
[2009/08/31 14:19:34 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxdigf.dll
[2009/08/31 14:19:34 | 00,965,785 | ---- | C] () -- C:\Windows\System32\lxdihelp.chm
[2009/08/31 14:19:34 | 00,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/08/31 14:19:34 | 00,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009/08/31 14:19:34 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009/08/31 14:19:34 | 00,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicub.dll
[2009/08/31 14:19:34 | 00,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicu.dll
[2009/08/31 14:19:34 | 00,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicur.dll
[2009/08/31 14:19:33 | 00,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/08/31 14:19:33 | 00,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009/08/31 14:19:33 | 00,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2009/08/31 14:19:33 | 00,077,906 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxdicfg.dll
[2009/08/31 14:19:33 | 00,065,592 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:19:33 | 00,001,900 | ---- | C] () -- C:\Windows\System32\lxdi.loc
[2009/08/31 14:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2009/08/31 14:16:06 | 00,000,000 | ---D | C] -- C:\lexmark
[2009/08/31 14:15:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Lexmark X4450 driver
[2009/08/31 14:02:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/31 13:59:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/08/29 17:55:53 | 00,001,882 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 17:55:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/08/29 17:54:23 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/29 17:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Quick Time 7.5
[2009/08/29 17:16:50 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/08/29 16:54:37 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w31
[2009/08/29 16:54:37 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w32
[2009/08/29 16:54:37 | 00,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll
[2009/08/29 16:54:37 | 00,000,929 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:54:36 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Pcdlib32.dll
[2009/08/29 16:54:36 | 00,125,952 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50_32.dll
[2009/08/29 16:54:36 | 00,092,672 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50ip32.dll
[2009/08/29 16:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thumbs32
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/29 16:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\FTP Commander
[2009/08/29 16:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2009/08/29 16:13:21 | 00,392,320 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2009/08/29 16:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis True Image 10
[2009/08/29 14:17:48 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Mozilla
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Thunderbird
[2009/08/29 14:17:37 | 00,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 14:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/08/29 14:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunderbird 2
[2009/08/29 09:39:43 | 01,871,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/29 09:39:42 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/08/29 09:39:42 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/08/29 09:39:40 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/29 09:39:31 | 10,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/29 09:39:26 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/29 09:39:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/29 09:39:23 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/29 09:39:21 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/29 09:39:21 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/29 09:39:15 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/08/29 09:39:15 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/29 09:39:15 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/08/29 09:39:15 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/08/29 09:39:15 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/08/29 09:39:15 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/08/29 09:39:06 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/29 09:36:56 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/08/29 09:36:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/29 09:36:10 | 00,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2009/08/29 08:10:16 | 00,449,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athrusb.sys
[2009/08/29 08:10:16 | 00,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009/08/29 08:10:16 | 00,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2009/08/29 08:10:16 | 00,016,384 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009/08/29 08:10:16 | 00,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe
[2009/08/29 07:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hawking HWU8DD
[2009/08/18 14:50:06 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/08/11 15:06:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/03/30 10:13:24 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/03/23 15:44:46 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/09 14:07:06 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/23 19:40:16 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 01:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[2009/09/20 19:31:45 | 00,003,444 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/20 19:31:38 | 00,001,503 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/20 18:57:49 | 00,000,101 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/20 18:57:48 | 00,225,280 | ---- | M] (irritation) -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
[2009/09/20 18:41:31 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/20 18:41:31 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/20 18:41:30 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/20 18:39:07 | 00,001,699 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 18:34:44 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/20 18:34:44 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/20 18:34:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/20 18:34:32 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/20 18:34:16 | 32,107,97056 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/20 18:31:19 | 02,337,638 | -H-- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\IconCache.db
[2009/09/20 13:00:02 | 00,001,405 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 13:00:00 | 00,003,330 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/20 10:22:02 | 00,001,387 | ---- | M] () -- C:\ProgramData\lxdi
[2009/09/19 12:19:49 | 00,000,857 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 11:38:56 | 00,000,862 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/19 09:13:01 | 41,503,105 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/19 09:12:38 | 00,112,070 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/15 12:49:30 | 00,002,609 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Microsoft Office Word 2003.lnk
[2009/09/15 02:34:41 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/12 18:10:13 | 00,498,653 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/12 18:10:00 | 00,000,100 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.bat
[2009/09/12 18:09:57 | 00,237,568 | ---- | M] (encabanai) -- C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.exe
[2009/09/12 17:15:49 | 00,104,040 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/06 17:23:14 | 00,378,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/06 17:06:37 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/09/06 16:13:21 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/06 16:13:21 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/06 16:13:20 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/06 15:57:28 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 13:44:06 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2009/09/05 10:51:15 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:12 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:01 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/31 14:44:06 | 00,065,592 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:43:57 | 00,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2009/08/31 14:28:12 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/08/29 17:55:53 | 00,001,882 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 16:54:37 | 00,000,929 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/29 16:13:21 | 00,392,320 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 14:17:48 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:37 | 00,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 04:41:42 | 01,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/08/29 04:40:31 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/29 00:31:54 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
========== LOP Check ==========
[2009/09/20 19:03:13 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming
[2009/08/21 18:21:19 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Devicescape
[2009/09/20 18:08:25 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Media Center Programs
[2009/09/20 19:03:15 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/08/17 16:45:36 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\OpenOffice.org
[2009/08/18 15:07:23 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Samsung
[2009/08/29 14:17:45 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/11 15:31:55 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\WinBatch
[2009/09/20 18:34:36 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/19 09:01:03 | 00,028,086 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
Is what follows the 2nd file????
OTL Extras logfile created on: 20/09/2009 19:09:17 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\COMPUTER SURGERY\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 99.96% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.69 Gb Total Space | 36.38 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSH-A100-338
Current User Name: COMPUTER SURGERY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [+ Add to separate archive(s)] -- "C:\Program Files\Common files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\IE7 Pro\IEPro\MiniDM.exe" = C:\Program Files\Common Files\IE7 Pro\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D17431E-C64E-447D-9013-3A91BB449163}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{0F642881-2391-44FF-A419-AE3570FFA368}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{14ADAFDB-37FE-4C75-8BAA-7CCBB282D5D3}" = protocol=17 | dir=in | app=c:\users\computer surgery\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{178F4737-5E3C-4A22-A3C9-BBD8EDFAAF78}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{1C61EFB1-1C5F-4CC6-8945-B3FC676F1888}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{20DC58D2-638C-41CA-B3B0-D7A83B8E7A2B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{343F20C0-2B9C-4C27-8EE3-DD2777A15B23}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{463BF0C9-9546-4464-B7F7-D8AA741850F8}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{4B3EBB92-129E-4D67-8D98-5483338CD2E6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{937B16B6-5B46-4C47-AF8C-C9FE7490A90B}" = protocol=6 | dir=in | app=c:\users\computer surgery\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{9460DD2E-4408-4799-BB56-28CA109E9454}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{A0C8E22D-A1C1-4E37-8789-A675E77D9CCC}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{B866A930-5EC2-42DF-BD79-B491A12395D3}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{C77D25E2-0BC1-4594-B91E-D464533D42CF}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{E1F35C77-2117-495D-A40D-13447886436E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{EA3B3F61-5C4A-47A0-BA3B-3438053C07CC}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{EE91EAB4-FFD3-4FA5-9C40-AD6F43A09D53}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{F1C61CF2-C1FE-4D6F-80C3-EE5C80B3C08B}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"TCP Query User{75130A06-1F81-4053-BBCD-59E70057CD1C}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{7A89B573-36EC-419C-846B-AF0CA236D1A6}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{581CE7EA-A30D-0000-A215-088635773309}" = Atheros AR5007 Wireless LAN - USB
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74892A2F-57B2-48E4-81C3-1E21E12A470B}" = TOSHIBA Supervisor Password
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C50E8297-5485-432D-9E6F-53804A6F6EB9}" = Wi-Fi fastconnect
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG Free 8.5
"DriverAgent_is1" = DriverAgent by eSupport.com
"ERUNT_is1" = ERUNT 1.1j
"FTP Commander" = FTP Commander
"HDMI" = Intel® Graphics Media Accelerator Driver
"IE7Pro" = IE7Pro
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThumbsPlus version 3.0f2-S" = ThumbsPlus version 3.0f2-S
"xparbu" = Favorit
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/09/2009 12:54:08 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12/09/2009 13:10:57 | Computer Name = TOSH-A100-338 | Source = EventSystem | ID = 4621
Description =
Error - 12/09/2009 13:36:04 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 15/09/2009 11:59:58 | Computer Name = TOSH-A100-338 | Source = EventSystem | ID = 4621
Description =
Error - 20/09/2009 06:09:55 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20/09/2009 06:24:42 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20/09/2009 06:26:22 | Computer Name = TOSH-A100-338 | Source = EventSystem | ID = 4621
Description =
Error - 20/09/2009 13:02:17 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20/09/2009 13:08:24 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20/09/2009 13:08:25 | Computer Name = TOSH-A100-338 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 20/09/2009 04:46:11 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 04:46:11 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7009
Description =
Error - 20/09/2009 04:46:11 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 07:55:06 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 07:55:06 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7009
Description =
Error - 20/09/2009 07:55:06 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 12:56:07 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 12:56:07 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7009
Description =
Error - 20/09/2009 12:56:07 | Computer Name = TOSH-A100-338 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/09/2009 13:13:41 | Computer Name = TOSH-A100-338 | Source = DCOM | ID = 10016
Description =
< End of report >
< End of report >
#7
oldman960
-
- Retired Classroom Teacher
-
- 14,770 posts
Forum God
Posted 20 September 2009 - 01:22 PM
Hi JimByTheRiver,
:) , but 960 will work just as well. And you are doing fine.
Please do not make any changes to your system.
We'll use a tool to get a look at the .bat files, much safer that way, and a dfferent scanner to check some files.
I need some information on some unidentified files. We will use Virustotal Please submit these files for analysis
To submit a file to virustotal, please click on this link
Http://www.virustotal.com
copy and paste the following into the upload a file box (one at a time if more than one file is listed)
C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.exe
C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
scroll down a bit and click "send file", wait for the results and post them in your next reply.
Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Please post back with
Why not, everyone else does.Thank you 960 (I can't call you 'oldman')
:) , but 960 will work just as well. And you are doing fine.No, your sanity isn't in question, it looks like something is playing with us.Am I going mad or is this just normal for computer-users?
Please do not make any changes to your system.
We'll use a tool to get a look at the .bat files, much safer that way,
and a dfferent scanner to check some files.I need some information on some unidentified files. We will use Virustotal Please submit these files for analysis
To submit a file to virustotal, please click on this link
Http://www.virustotal.com
copy and paste the following into the upload a file box (one at a time if more than one file is listed)
C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.exe
C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
scroll down a bit and click "send file", wait for the results and post them in your next reply.
Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- right click SystemLook.exe and choose Run as Adminstrator to run it.
- Copy the content of the following codebox into the main textfield
- Do not copy the word CODE , please note the script starts with the :
:contents C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat C:\Users\COMPUTER SURGERY\AppData\Local\xparbu.bat
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Please post back with
- VirusTotal results
- SystemLook log
Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself
Microsoft MVP 2011-2015
Threads will be closed if no response after 5 days.
#8
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 20 September 2009 - 03:37 PM
Hey 960,
You're a great man.
Jim.
P.S. It's 10.30pm here and my wife wants the bedroom as she has to work tomorrow.
I don't work, so available all day. But not for another 10 hours.
**********
I used Notepad to open pipyjsc.bat. Contents:
@echo Uninstalling the software...
@"c:\users\computer surgery\appdata\local\ekraixf.exe" -uninstall
**********
I used Notepad to open xparbu.bat. Contents:
@echo Uninstalling the software...
@"c:\users\computer surgery\appdata\local\xparbu.exe" -uninstall
**********
From virustotal.com:
File xparbu.exe received on 2009.09.20 20:48:42 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 4/41 (9.76%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 40 and 57 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.20 -
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 -
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.20 -
Avast 4.8.1351.0 2009.09.19 -
AVG 8.5.0.412 2009.09.20 -
BitDefender 7.2 2009.09.20 -
CAT-QuickHeal 10.00 2009.09.19 -
ClamAV 0.94.1 2009.09.19 -
Comodo 2384 2009.09.20 -
DrWeb 5.0.0.12182 2009.09.20 -
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.20 -
F-Secure 8.0.14470.0 2009.09.20 Trojan.Win32.Hrup.gen
Fortinet 3.120.0.0 2009.09.19 -
GData 19 2009.09.20 -
Ikarus T3.1.1.72.0 2009.09.20 -
Jiangmin 11.0.800 2009.09.20 -
K7AntiVirus 7.10.849 2009.09.19 -
Kaspersky 7.0.0.125 2009.09.20 Trojan.Win32.Hrup.gen
McAfee 5747 2009.09.20 -
McAfee+Artemis 5747 2009.09.20 -
McAfee-GW-Edition 6.8.5 2009.09.20 Heuristic.LooksLike.Win32.Rootkit.H
Microsoft 1.5005 2009.09.20 -
NOD32 4441 2009.09.19 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.20 -
Panda 10.0.2.2 2009.09.20 -
PCTools 4.4.2.0 2009.09.20 -
Prevx 3.0 2009.09.20 Low Risk Adware
Rising 21.47.62.00 2009.09.20 -
Sophos 4.45.0 2009.09.20 -
Sunbelt 3.2.1858.2 2009.09.20 -
Symantec 1.4.4.12 2009.09.20 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.20 -
VBA32 3.12.10.10 2009.09.20 -
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.20 -
Additional information
File size: 237568 bytes
MD5...: 4403de4d5cd64daad98fe9867bc05636
SHA1..: ca808389c3f46501ac10fec238e7de6e14bfd7cc
SHA256: ecc468be88002034ebea7e7492e5fbe0619cd6ed893d5b9de1c0c72af1e1cdf8
ssdeep: 3072:Xh9BX8V2tSTCV1a9sHhUWVi8oOgqw9Un8NhLDcJ9uP+szHdmjGzGkUL3MAm
:5X8aaefti8d1w9UnqhLd+srdmKzG3
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9aa0
timedatestamp.....: 0x4438a6cb (Sun Apr 09 06:16:43 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x321a0 0x32200 7.87 e67b37f851672cb1cad5948aeaa8eaef
.rdata 0x34000 0x685e 0x6a00 5.73 f6718b9131bd8e6ce40bf10864ac4644
.data 0x3b000 0xa30 0xc00 5.06 22e458bff9462c3eff58c42632c83494
.rsrc 0x3c000 0x2c0 0x400 2.37 9f17d65399c01ea9e98e844d2d59639e
( 7 imports )
> KERNEL32.dll: TlsFree, MapViewOfFile, CompareStringA, RaiseException, GetCurrentThread, InterlockedCompareExchange, Sleep, HeapSize, GetCPInfo, GetCommandLineW, LockResource, GetCurrentProcessId, GetEnvironmentStrings, CreateProcessW, lstrlenW, VirtualQuery, GlobalUnlock, GetEnvironmentStringsW, GetThreadLocale, FindNextFileW, LCMapStringA, FindResourceW, GetConsoleCP, GlobalFree, lstrlenA, UnmapViewOfFile, GetLastError, LeaveCriticalSection, ExitProcess, TlsSetValue, GetFileType, CreateEventA, CreateFileW, GetTimeZoneInformation, RemoveDirectoryA, WaitForMultipleObjects, FindNextFileA, ResetEvent, lstrcpyA, FindFirstFileA, lstrcmpA, CompareStringW, GetProcessHeap, GetSystemInfo, GetProcAddress, DeleteFileW, SetErrorMode, GetWindowsDirectoryA, DeleteFileA, LCMapStringW, GetFileSize, GetStartupInfoA, LoadLibraryA, GetVersionExA, TlsAlloc, GetTickCount, QueryPerformanceCounter, SetEvent, GetVersionExW, LoadLibraryW, SetHandleCount, EnterCriticalSection, HeapFree, SetCurrentDirectoryA, InterlockedIncrement, GetVersion, GetModuleHandleA, GlobalAlloc, WriteConsoleA, GetEnvironmentVariableA, TerminateProcess, SetEnvironmentVariableA, MulDiv, SetUnhandledExceptionFilter, CreateThread, SetFilePointer, CreateMutexA, GetLocalTime, MultiByteToWideChar, UnhandledExceptionFilter, GetPrivateProfileStringA, LoadLibraryExA, GetModuleFileNameA, FlushFileBuffers, HeapAlloc, IsDebuggerPresent, VirtualProtect, GetModuleFileNameW, TlsGetValue, SetLastError, OutputDebugStringA, FormatMessageA, InterlockedDecrement, FindClose, LoadResource, InitializeCriticalSection, FormatMessageW, LocalFree, FreeLibrary, SetFileAttributesA, GetStringTypeW, HeapReAlloc, GetExitCodeProcess, GetSystemTimeAsFileTime, WriteFile, GetStringTypeA, lstrcmpiA, WideCharToMultiByte, SetStdHandle, GetLocaleInfoW, FreeEnvironmentStringsW, LoadLibraryExW, CreateFileA, ExpandEnvironmentStringsA, lstrcatA, LocalAlloc, GetLocaleInfoA, GetConsoleMode, GetCurrentDirectoryA, GetCurrentProcess, DeleteCriticalSection, FreeEnvironmentStringsA, GetFileAttributesW, HeapDestroy, FindFirstFileW, GetDriveTypeA, WaitForSingleObject, GetFileAttributesA, FileTimeToSystemTime, ReleaseMutex, GetConsoleOutputCP, GetStdHandle, ReadFile, CloseHandle, lstrcpynA, GetACP, GlobalLock, GetModuleHandleW, GetCurrentThreadId, SizeofResource, InterlockedExchange, CreateProcessA, IsValidCodePage, HeapCreate, VirtualFree, IsBadReadPtr, FindResourceA, GetOEMCP, GetCommandLineA, SetEndOfFile, VirtualAlloc
> USER32.dll: DefWindowProcA, KillTimer, BeginPaint, SetFocus, EndPaint, DispatchMessageA, FillRect, CreateWindowExA, GetWindowLongA, EnableMenuItem, LoadStringA, GetWindow, IsWindowEnabled, TranslateMessage, PeekMessageA, EnableWindow, ShowWindow, UpdateWindow, GetParent, GetMessageA, GetSystemMetrics, ClientToScreen, TrackPopupMenu, SendMessageA, SendMessageW, SetWindowTextA, GetDC, IsWindow, SetWindowPos, PostQuitMessage, MapWindowPoints, GetDlgItem, ScreenToClient, LoadCursorA, LoadIconA, GetDesktopWindow, SetForegroundWindow, ReleaseDC, EndDialog, MessageBoxA, DialogBoxParamA, GetWindowRect, IsIconic, PostMessageA, ReleaseCapture, DestroyWindow, SetWindowLongA, GetSysColor, SystemParametersInfoA, IsWindowVisible, wsprintfA, InvalidateRect, GetClientRect, CallWindowProcA, GetFocus, SetCursor, CheckMenuItem, GetSubMenu, GetCursorPos, SetTimer
> ADVAPI32.dll: RegDeleteKeyA, RegQueryValueExW, RegCreateKeyExA, RegQueryValueExA, RegCreateKeyExW, RegOpenKeyExA, RegOpenKeyExW, RegCloseKey, RegDeleteValueA
> OLEAUT32.dll: -, -, -, -, -
> GDI32.dll: CreateSolidBrush, SetTextColor, GetStockObject, DeleteDC, GetDeviceCaps, DeleteObject, SetBkColor, SelectObject
> ole32.dll: CoCreateInstance, CoTaskMemAlloc, CoInitialize, CoUninitialize
> MSVCRT.dll: exit, _exit, free
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: encabanai
copyright....: n/a
product......: j_officiasse
description..: mochuelo
original name: n/a
internal name: n/a
file version.: 1, 8, 3, 5
comments.....: Antarctic
signers......: -
signing date.: -
verified.....: Unsigned
<a href='http://info.prevx.co...0E284008F6FDBE0' target='_blank'>http://info.prevx.co...4008F6FDBE0</a>
File ekraixf.exe received on 2009.09.20 20:59:12 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 70 and 100 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.20 -
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 -
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.20 -
Avast 4.8.1351.0 2009.09.20 -
AVG 8.5.0.412 2009.09.20 -
BitDefender 7.2 2009.09.20 -
CAT-QuickHeal 10.00 2009.09.19 -
ClamAV 0.94.1 2009.09.19 -
Comodo 2384 2009.09.20 -
DrWeb 5.0.0.12182 2009.09.20 -
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.20 -
F-Secure 8.0.14470.0 2009.09.20 -
Fortinet 3.120.0.0 2009.09.19 -
GData 19 2009.09.20 -
Ikarus T3.1.1.72.0 2009.09.20 -
Jiangmin 11.0.800 2009.09.20 -
K7AntiVirus 7.10.849 2009.09.19 -
Kaspersky 7.0.0.125 2009.09.20 -
McAfee 5747 2009.09.20 -
McAfee+Artemis 5747 2009.09.20 -
McAfee-GW-Edition 6.8.5 2009.09.20 -
Microsoft 1.5005 2009.09.20 -
NOD32 4441 2009.09.19 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.20 -
Panda 10.0.2.2 2009.09.20 -
PCTools 4.4.2.0 2009.09.20 -
Prevx 3.0 2009.09.20 -
Rising 21.47.62.00 2009.09.20 -
Sophos 4.45.0 2009.09.20 -
Sunbelt 3.2.1858.2 2009.09.20 -
Symantec 1.4.4.12 2009.09.20 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.20 -
VBA32 3.12.10.10 2009.09.20 -
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.20 -
Additional information
File size: 225280 bytes
MD5...: d54557f7945bfd9e9d3fa08b27d67f29
SHA1..: 1059212d0cf3fa153910485687e8edde5dea3def
SHA256: bbca176a92b118b131fc2d992695c61df39a82278df6d9025baac6e4285b559d
ssdeep: 3072:6wsQyCBLfFvAWf3cdTAvlPH9Dr61hL2KU9I2sU1QhnFx+pgfJdNtsJjYvjr
:6bQyCBWyvZV61hL2KUa2sU1Q8pUNt4
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9aa0
timedatestamp.....: 0x472f87db (Mon Nov 05 21:15:07 2007)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
caqamo 0x1000 0x32170 0x33000 7.78 82a8a349994aaadadd8b2a6453828000
.rdata 0x34000 0x176a 0x2000 4.44 98ad1d6bd1a4637ec202f6afb542154e
.rsrc 0x36000 0x868 0x1000 2.00 ddee72351c551be21898dd0e5e4b8f6e
( 8 imports )
> VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitialize
> ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegCreateKeyExW, RegQueryValueExA, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA
> GDI32.dll: GetStockObject, GetDeviceCaps, DeleteObject, CreateFontIndirectA, SetBkColor, BitBlt, SetTextColor, SetBkMode, CreateSolidBrush, SelectObject
> KERNEL32.dll: ReleaseMutex, GetConsoleOutputCP, GetStdHandle, FindFirstFileW, WaitForSingleObject, TerminateProcess, FileTimeToSystemTime, VirtualAlloc, GetCommandLineA, GetFullPathNameA, FindResourceA, Sleep, VirtualFree, HeapCreate, IsValidCodePage, CreateProcessA, GetEnvironmentStrings, GetVersion, GetModuleHandleW, GetACP, lstrcpynA, FindNextFileW, ReadFile, SetFilePointer, TlsFree, MapViewOfFile, RaiseException, GetCurrentThread, InterlockedCompareExchange, HeapSize, GetCPInfo, GetCommandLineW, LockResource, GetCurrentProcessId, SizeofResource, FileTimeToLocalFileTime, lstrlenW, VirtualQuery, GlobalUnlock, GetEnvironmentStringsW, GetThreadLocale, LCMapStringA, FindResourceW, GetConsoleCP, GlobalFree, lstrlenA, UnmapViewOfFile, SetStdHandle, GetLastError, LeaveCriticalSection, HeapAlloc, TlsSetValue, GetFileType, CreateEventA, CreateFileW, RemoveDirectoryA, GlobalLock, WaitForMultipleObjects, FindNextFileA, CreateFileMappingA, ResetEvent, CompareStringA, GetDiskFreeSpaceA, FindFirstFileA, CompareStringW, GetProcessHeap, GetSystemInfo, GetProcAddress, DeleteFileW, GetEnvironmentVariableA, DeleteFileA, CreateDirectoryA, LCMapStringW, GetFileSize, GetStartupInfoA, FreeLibrary, LoadLibraryA, GetVersionExA, TlsAlloc, GetTickCount, QueryPerformanceCounter, SetEvent, GetVersionExW, VirtualProtect, LoadLibraryW, SetHandleCount, EnterCriticalSection, HeapFree, CloseHandle, WriteConsoleW, InterlockedIncrement, GetCurrentThreadId, GetLocaleInfoA, SetEndOfFile, GlobalAlloc, WriteConsoleA, HeapDestroy, SetEnvironmentVariableA, GetSystemDirectoryA, MulDiv, SetUnhandledExceptionFilter, CreateThread, GetModuleHandleA, GetLocalTime, MultiByteToWideChar, UnhandledExceptionFilter, GetPrivateProfileStringA, LoadLibraryExA, GetModuleFileNameA, FlushFileBuffers, ExitProcess, IsDebuggerPresent, GetModuleFileNameW, TlsGetValue, SetLastError, OutputDebugStringA, FormatMessageA, InterlockedDecrement, FindClose, LoadResource, InitializeCriticalSection, GetExitCodeProcess, FormatMessageW, LocalFree, GetOEMCP, SetFileAttributesA, GetStringTypeW, HeapReAlloc, GetSystemTimeAsFileTime, WriteFile, InterlockedExchange, GetStringTypeA, lstrcmpiA, WideCharToMultiByte, GetTempPathA, FreeEnvironmentStringsW, SetErrorMode, CreateFileA, LocalAlloc, GetConsoleMode, GetCurrentDirectoryA, GetCurrentProcess, DeleteCriticalSection, FreeEnvironmentStringsA, GetFileAttributesW, GetFileAttributesA
> OLEAUT32.dll: -, -, -
> USER32.dll: IsWindow, SetWindowPos, PostQuitMessage, GetSystemMetrics, SetCursor, CallWindowProcA, GetClientRect, SendMessageA, InvalidateRect, IsWindowVisible, GetSysColor, MessageBoxA, SetDlgItemTextA, EndDialog, SetForegroundWindow, GetDesktopWindow, LoadIconA, LoadCursorA, ClientToScreen, GetDlgItem, CreateWindowExA, CheckMenuItem, SetWindowTextA, SetWindowLongA, PostMessageA, IsIconic, GetWindowRect, EndPaint, DefWindowProcA, BeginPaint, SetFocus, FillRect, SetTimer, GetWindowLongA, RegisterClassA, EnableMenuItem, LoadStringA, IsWindowEnabled, TranslateMessage, PeekMessageA, EnableWindow, ShowWindow, UpdateWindow, GetParent, DestroyWindow, GetKeyState, ScreenToClient, ReleaseDC, GetCursorPos, GetDC, MapWindowPoints
> MSVCRT.dll: exit, _cexit
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: irritation
copyright....: cargadores
product......: f_nico
description..: s_illuminassent
original name: n/a
internal name: arri_re-bec
file version.: 9, 9, 1, 9
comments.....: trapajoso
signers......: -
signing date.: -
verified.....: Unsigned
#9
oldman960
-
- Retired Classroom Teacher
-
- 14,770 posts
Forum God
Posted 21 September 2009 - 06:43 AM
Hi JimByTheRiver
Do you recognize a program called Favorit?
Thanks
Do you recognize a program called Favorit?
Thanks
Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself
Microsoft MVP 2011-2015
Threads will be closed if no response after 5 days.
#10
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 21 September 2009 - 08:41 AM
Hello MyMan960,
Has anyone ever told you that you are the sexiest thing on the planet?
I will remove it.
Point me towards the 'Donations' box.
All good things,
Oh - and thanks.
Jim.
Register to Remove
#11
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 21 September 2009 - 09:30 AM
Dear MyMan960,
That was not effusive enough.
Not when I thought that my computer was about to be dragged down the drain.
Thanks very much for you help. You are a technological wizard, an organ of knowledge, a magnificent addition to the world.
That program installed without my knowledge.
Have you any suggestions for better protection?
e.g. A particular program or set of programs.
And I will make a donation.
Thanks,
Jim.
#12
oldman960
-
- Retired Classroom Teacher
-
- 14,770 posts
Forum God
Posted 21 September 2009 - 06:51 PM
Hi JimByTheRiver,
I'll give you some recommendations for programs ans some safe surfing tips after we are sure we got everything.
After you uninstall Favorit please post a new OTL log and we'll see what remains of that program.
Thanks
I'll give you some recommendations for programs ans some safe surfing tips after we are sure we got everything.
After you uninstall Favorit please post a new OTL log and we'll see what remains of that program.
Thanks
Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself
Microsoft MVP 2011-2015
Threads will be closed if no response after 5 days.
#13
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 23 September 2009 - 01:28 AM
Thank you 960,
You are a treasure,
Jim.
OTL log:
OTL logfile created on: 23/09/2009 08:18:58 - Run 4
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\COMPUTER SURGERY\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.69 Gb Total Space | 36.70 Gb Free Space | 40.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSH-A100-338
Current User Name: COMPUTER SURGERY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe (irritation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Users\COMPUTER SURGERY\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (lxdiCATSCustConnectService [Auto | Stopped]) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe (Lexmark International, Inc.)
SRV - (lxdi_device [Auto | Running]) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athrusb [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athrusb.sys (Atheros Communications, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (snapman [Boot | Running]) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdm.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (tifsfilter [Auto | Running]) -- C:\Windows\System32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 14:51:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/29 17:56:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Common Files\Quick Time 7.5\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ekraixf] c:\users\computer surgery\appdata\local\ekraixf.exe (irritation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AirShare] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe 0;1;1;1.6.65;C File not found
O4 - Startup: C:\Users\COMPUTER SURGERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/21 16:05:32 | 00,000,971 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\OpenOffice.org Writer.lnk
[2009/09/20 22:07:09 | 00,102,660 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\SystemLook.exe
[2009/09/20 19:05:19 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\Documents\My Downloads
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/09/20 18:57:49 | 00,003,292 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/20 18:57:49 | 00,001,338 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/20 18:57:48 | 00,225,280 | ---- | C] (irritation) -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
[2009/09/20 18:39:07 | 00,001,699 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 18:08:25 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2009/09/20 11:10:26 | 00,001,405 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 11:10:25 | 00,498,653 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/20 11:10:25 | 00,003,330 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/19 12:19:49 | 00,000,857 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 12:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PeaZip
[2009/09/19 11:42:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/19 11:38:56 | 00,000,862 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/19 11:38:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ERUNT
[2009/09/12 17:14:56 | 00,000,101 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/12 16:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\IE7 Pro
[2009/09/12 16:21:04 | 00,813,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/12 16:21:03 | 00,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/09/12 16:21:03 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/09/12 16:21:03 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/12 16:21:03 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/12 16:21:03 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/09/12 16:21:03 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/12 16:21:03 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/12 16:21:03 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/12 16:21:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/12 16:21:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/12 16:21:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/12 16:21:03 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/12 16:20:14 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/09/12 16:20:14 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/12 16:20:13 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/12 16:20:05 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/12 16:20:04 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/12 16:20:03 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/09/12 16:20:03 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/09/12 16:20:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/09/12 16:20:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/09/12 16:18:46 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/12 16:18:46 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/12 16:18:46 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/12 16:18:46 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/12 16:18:46 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/12 16:18:46 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/09/12 16:18:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/12 16:18:40 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 15:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2009/09/06 17:24:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/09/06 15:49:34 | 00,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/09/06 15:49:34 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/09/06 15:49:34 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/09/06 15:49:33 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/09/06 15:49:33 | 00,408,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/09/06 15:49:33 | 00,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/09/06 15:49:33 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/09/06 15:49:33 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/09/05 11:37:34 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/05 10:51:15 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:14 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/05 10:51:12 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:04 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/05 10:51:01 | 41,653,142 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/05 10:51:01 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/05 10:51:01 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 10:51:01 | 00,112,900 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/05 10:51:01 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/05 10:51:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/31 15:00:18 | 00,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2009/08/31 14:57:30 | 00,001,540 | ---- | C] () -- C:\ProgramData\lxdi
[2009/08/31 14:45:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2009/08/31 14:24:06 | 00,000,000 | ---D | C] -- C:\logs
[2009/08/31 14:20:31 | 00,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark 4550 Printer.LNK
[2009/08/31 14:20:04 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2009/08/31 14:19:37 | 00,503,808 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiutil.dll
[2009/08/31 14:19:37 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/08/31 14:19:37 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/08/31 14:19:37 | 00,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/08/31 14:19:37 | 00,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009/08/31 14:19:36 | 01,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/08/31 14:19:36 | 00,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009/08/31 14:19:35 | 00,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/08/31 14:19:35 | 00,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/08/31 14:19:35 | 00,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009/08/31 14:19:35 | 00,208,896 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsb.dll
[2009/08/31 14:19:35 | 00,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiins.dll
[2009/08/31 14:19:35 | 00,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdijswr.dll
[2009/08/31 14:19:35 | 00,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsr.dll
[2009/08/31 14:19:34 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxdigf.dll
[2009/08/31 14:19:34 | 00,965,785 | ---- | C] () -- C:\Windows\System32\lxdihelp.chm
[2009/08/31 14:19:34 | 00,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/08/31 14:19:34 | 00,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009/08/31 14:19:34 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009/08/31 14:19:34 | 00,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicub.dll
[2009/08/31 14:19:34 | 00,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicu.dll
[2009/08/31 14:19:34 | 00,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicur.dll
[2009/08/31 14:19:33 | 00,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/08/31 14:19:33 | 00,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009/08/31 14:19:33 | 00,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2009/08/31 14:19:33 | 00,077,906 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxdicfg.dll
[2009/08/31 14:19:33 | 00,065,592 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:19:33 | 00,001,900 | ---- | C] () -- C:\Windows\System32\lxdi.loc
[2009/08/31 14:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2009/08/31 14:16:06 | 00,000,000 | ---D | C] -- C:\lexmark
[2009/08/31 14:15:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Lexmark X4450 driver
[2009/08/31 14:02:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/31 13:59:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/08/29 17:55:53 | 00,001,882 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 17:55:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/08/29 17:54:23 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/29 17:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Quick Time 7.5
[2009/08/29 17:16:50 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/08/29 16:54:37 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w31
[2009/08/29 16:54:37 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w32
[2009/08/29 16:54:37 | 00,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll
[2009/08/29 16:54:37 | 00,000,929 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:54:36 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Pcdlib32.dll
[2009/08/29 16:54:36 | 00,125,952 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50_32.dll
[2009/08/29 16:54:36 | 00,092,672 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50ip32.dll
[2009/08/29 16:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thumbs32
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/29 16:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\FTP Commander
[2009/08/29 16:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2009/08/29 16:13:21 | 00,392,320 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2009/08/29 16:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis True Image 10
[2009/08/29 14:17:48 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Mozilla
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Thunderbird
[2009/08/29 14:17:37 | 00,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 14:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/08/29 14:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunderbird 2
[2009/08/29 09:39:43 | 01,871,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/29 09:39:42 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/08/29 09:39:42 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/08/29 09:39:40 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/29 09:39:31 | 10,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/29 09:39:26 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/29 09:39:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/29 09:39:23 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/29 09:39:21 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/29 09:39:21 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/29 09:39:15 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/08/29 09:39:15 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/29 09:39:15 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/08/29 09:39:15 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/08/29 09:39:15 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/08/29 09:39:15 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/08/29 09:39:06 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/29 09:36:56 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/08/29 09:36:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/29 09:36:10 | 00,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2009/08/29 08:10:16 | 00,449,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athrusb.sys
[2009/08/29 08:10:16 | 00,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009/08/29 08:10:16 | 00,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2009/08/29 08:10:16 | 00,016,384 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009/08/29 08:10:16 | 00,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe
[2009/08/29 07:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hawking HWU8DD
[2009/08/18 14:50:06 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/08/11 15:06:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/03/30 10:13:24 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/03/23 15:44:46 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/09 14:07:06 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/23 19:40:16 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 01:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[2009/09/23 08:22:31 | 00,001,338 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/23 08:21:58 | 00,003,292 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/23 08:18:24 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/23 08:18:24 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/23 08:18:23 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/23 08:17:16 | 00,000,101 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/23 08:16:32 | 00,001,540 | ---- | M] () -- C:\ProgramData\lxdi
[2009/09/23 07:53:16 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/23 07:53:16 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/23 07:53:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/23 07:53:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/23 07:52:57 | 32,107,97056 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/22 12:22:58 | 06,291,456 | -H-- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\IconCache.db
[2009/09/22 09:35:02 | 41,653,142 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/22 09:34:33 | 00,112,900 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/21 16:05:32 | 00,000,971 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\OpenOffice.org Writer.lnk
[2009/09/20 18:57:48 | 00,225,280 | ---- | M] (irritation) -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
[2009/09/20 18:39:07 | 00,001,699 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 13:00:02 | 00,001,405 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 13:00:00 | 00,003,330 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/19 12:19:49 | 00,000,857 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 11:38:56 | 00,000,862 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/15 12:49:30 | 00,002,609 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Word 2003.lnk
[2009/09/15 02:34:41 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/12 18:10:13 | 00,498,653 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/12 17:15:49 | 00,104,040 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/06 17:23:14 | 00,378,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/06 17:06:37 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/09/06 16:13:21 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/06 16:13:21 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/06 16:13:20 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/06 15:57:28 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 13:44:06 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2009/09/05 10:51:15 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:12 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:01 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/31 14:44:06 | 00,065,592 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:43:57 | 00,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark 4550 Printer.LNK
[2009/08/31 14:28:12 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/08/29 17:55:53 | 00,001,882 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 17:33:01 | 00,102,660 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\SystemLook.exe
[2009/08/29 16:54:37 | 00,000,929 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/29 16:13:21 | 00,392,320 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 14:17:48 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:37 | 00,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 04:41:42 | 01,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/08/29 04:40:31 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/29 00:31:54 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
========== LOP Check ==========
[2009/09/20 19:03:13 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming
[2009/08/21 18:21:19 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Devicescape
[2009/09/20 18:08:25 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Media Center Programs
[2009/09/20 22:47:35 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/08/17 16:45:36 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\OpenOffice.org
[2009/08/18 15:07:23 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Samsung
[2009/08/29 14:17:45 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/11 15:31:55 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\WinBatch
[2009/09/23 07:53:13 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/22 18:45:46 | 00,031,746 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
You are a treasure,
Jim.
OTL log:
OTL logfile created on: 23/09/2009 08:18:58 - Run 4
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\COMPUTER SURGERY\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.69 Gb Total Space | 36.70 Gb Free Space | 40.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSH-A100-338
Current User Name: COMPUTER SURGERY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe (irritation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Users\COMPUTER SURGERY\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (lxdiCATSCustConnectService [Auto | Stopped]) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe (Lexmark International, Inc.)
SRV - (lxdi_device [Auto | Running]) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athrusb [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athrusb.sys (Atheros Communications, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (snapman [Boot | Running]) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdm.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (tifsfilter [Auto | Running]) -- C:\Windows\System32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 14:51:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/29 17:56:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Common Files\Quick Time 7.5\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ekraixf] c:\users\computer surgery\appdata\local\ekraixf.exe (irritation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AirShare] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe 0;1;1;1.6.65;C File not found
O4 - Startup: C:\Users\COMPUTER SURGERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/21 16:05:32 | 00,000,971 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\OpenOffice.org Writer.lnk
[2009/09/20 22:07:09 | 00,102,660 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\SystemLook.exe
[2009/09/20 19:05:19 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\Documents\My Downloads
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/09/20 18:57:49 | 00,003,292 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/20 18:57:49 | 00,001,338 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/20 18:57:48 | 00,225,280 | ---- | C] (irritation) -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
[2009/09/20 18:39:07 | 00,001,699 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 18:08:25 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2009/09/20 11:10:26 | 00,001,405 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 11:10:25 | 00,498,653 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/20 11:10:25 | 00,003,330 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/19 12:19:49 | 00,000,857 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 12:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PeaZip
[2009/09/19 11:42:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/19 11:38:56 | 00,000,862 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/19 11:38:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ERUNT
[2009/09/12 17:14:56 | 00,000,101 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/12 16:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\IE7 Pro
[2009/09/12 16:21:04 | 00,813,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/12 16:21:03 | 00,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/09/12 16:21:03 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/09/12 16:21:03 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/12 16:21:03 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/12 16:21:03 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/09/12 16:21:03 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/12 16:21:03 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/12 16:21:03 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/12 16:21:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/12 16:21:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/12 16:21:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/12 16:21:03 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/12 16:20:14 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/09/12 16:20:14 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/12 16:20:13 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/12 16:20:05 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/12 16:20:04 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/12 16:20:03 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/09/12 16:20:03 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/09/12 16:20:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/09/12 16:20:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/09/12 16:18:46 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/12 16:18:46 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/12 16:18:46 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/12 16:18:46 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/12 16:18:46 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/12 16:18:46 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/09/12 16:18:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/12 16:18:40 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 15:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2009/09/06 17:24:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/09/06 15:49:34 | 00,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/09/06 15:49:34 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/09/06 15:49:34 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/09/06 15:49:33 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/09/06 15:49:33 | 00,408,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/09/06 15:49:33 | 00,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/09/06 15:49:33 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/09/06 15:49:33 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/09/05 11:37:34 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/05 10:51:15 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:14 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/05 10:51:12 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:04 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/05 10:51:01 | 41,653,142 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/05 10:51:01 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/05 10:51:01 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 10:51:01 | 00,112,900 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/05 10:51:01 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/05 10:51:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/31 15:00:18 | 00,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2009/08/31 14:57:30 | 00,001,540 | ---- | C] () -- C:\ProgramData\lxdi
[2009/08/31 14:45:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2009/08/31 14:24:06 | 00,000,000 | ---D | C] -- C:\logs
[2009/08/31 14:20:31 | 00,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark 4550 Printer.LNK
[2009/08/31 14:20:04 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2009/08/31 14:19:37 | 00,503,808 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiutil.dll
[2009/08/31 14:19:37 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/08/31 14:19:37 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/08/31 14:19:37 | 00,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/08/31 14:19:37 | 00,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009/08/31 14:19:36 | 01,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/08/31 14:19:36 | 00,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009/08/31 14:19:35 | 00,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/08/31 14:19:35 | 00,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/08/31 14:19:35 | 00,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009/08/31 14:19:35 | 00,208,896 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsb.dll
[2009/08/31 14:19:35 | 00,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiins.dll
[2009/08/31 14:19:35 | 00,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdijswr.dll
[2009/08/31 14:19:35 | 00,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsr.dll
[2009/08/31 14:19:34 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxdigf.dll
[2009/08/31 14:19:34 | 00,965,785 | ---- | C] () -- C:\Windows\System32\lxdihelp.chm
[2009/08/31 14:19:34 | 00,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/08/31 14:19:34 | 00,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009/08/31 14:19:34 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009/08/31 14:19:34 | 00,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicub.dll
[2009/08/31 14:19:34 | 00,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicu.dll
[2009/08/31 14:19:34 | 00,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicur.dll
[2009/08/31 14:19:33 | 00,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/08/31 14:19:33 | 00,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009/08/31 14:19:33 | 00,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2009/08/31 14:19:33 | 00,077,906 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxdicfg.dll
[2009/08/31 14:19:33 | 00,065,592 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:19:33 | 00,001,900 | ---- | C] () -- C:\Windows\System32\lxdi.loc
[2009/08/31 14:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2009/08/31 14:16:06 | 00,000,000 | ---D | C] -- C:\lexmark
[2009/08/31 14:15:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Lexmark X4450 driver
[2009/08/31 14:02:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/31 13:59:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/08/29 17:55:53 | 00,001,882 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 17:55:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/08/29 17:54:23 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/29 17:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Quick Time 7.5
[2009/08/29 17:16:50 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/08/29 16:54:37 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w31
[2009/08/29 16:54:37 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w32
[2009/08/29 16:54:37 | 00,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll
[2009/08/29 16:54:37 | 00,000,929 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:54:36 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Pcdlib32.dll
[2009/08/29 16:54:36 | 00,125,952 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50_32.dll
[2009/08/29 16:54:36 | 00,092,672 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50ip32.dll
[2009/08/29 16:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thumbs32
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/29 16:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\FTP Commander
[2009/08/29 16:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2009/08/29 16:13:21 | 00,392,320 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2009/08/29 16:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis True Image 10
[2009/08/29 14:17:48 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Mozilla
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Thunderbird
[2009/08/29 14:17:37 | 00,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 14:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/08/29 14:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunderbird 2
[2009/08/29 09:39:43 | 01,871,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/29 09:39:42 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/08/29 09:39:42 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/08/29 09:39:40 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/29 09:39:31 | 10,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/29 09:39:26 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/29 09:39:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/29 09:39:23 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/29 09:39:21 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/29 09:39:21 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/29 09:39:15 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/08/29 09:39:15 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/29 09:39:15 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/08/29 09:39:15 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/08/29 09:39:15 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/08/29 09:39:15 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/08/29 09:39:06 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/29 09:36:56 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/08/29 09:36:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/29 09:36:10 | 00,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2009/08/29 08:10:16 | 00,449,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athrusb.sys
[2009/08/29 08:10:16 | 00,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009/08/29 08:10:16 | 00,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2009/08/29 08:10:16 | 00,016,384 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009/08/29 08:10:16 | 00,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe
[2009/08/29 07:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hawking HWU8DD
[2009/08/18 14:50:06 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/08/11 15:06:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/03/30 10:13:24 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/03/23 15:44:46 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/09 14:07:06 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/23 19:40:16 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 01:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[2009/09/23 08:22:31 | 00,001,338 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/23 08:21:58 | 00,003,292 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/23 08:18:24 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/23 08:18:24 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/23 08:18:23 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/23 08:17:16 | 00,000,101 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/23 08:16:32 | 00,001,540 | ---- | M] () -- C:\ProgramData\lxdi
[2009/09/23 07:53:16 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/23 07:53:16 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/23 07:53:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/23 07:53:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/23 07:52:57 | 32,107,97056 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/22 12:22:58 | 06,291,456 | -H-- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\IconCache.db
[2009/09/22 09:35:02 | 41,653,142 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/22 09:34:33 | 00,112,900 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/21 16:05:32 | 00,000,971 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\OpenOffice.org Writer.lnk
[2009/09/20 18:57:48 | 00,225,280 | ---- | M] (irritation) -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.exe
[2009/09/20 18:39:07 | 00,001,699 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 13:00:02 | 00,001,405 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 13:00:00 | 00,003,330 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/19 12:19:49 | 00,000,857 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 11:38:56 | 00,000,862 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/15 12:49:30 | 00,002,609 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Word 2003.lnk
[2009/09/15 02:34:41 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/12 18:10:13 | 00,498,653 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/12 17:15:49 | 00,104,040 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/06 17:23:14 | 00,378,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/06 17:06:37 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/09/06 16:13:21 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/06 16:13:21 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/06 16:13:20 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/06 15:57:28 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 13:44:06 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2009/09/05 10:51:15 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:12 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:01 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/31 14:44:06 | 00,065,592 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:43:57 | 00,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark 4550 Printer.LNK
[2009/08/31 14:28:12 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/08/29 17:55:53 | 00,001,882 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 17:33:01 | 00,102,660 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\SystemLook.exe
[2009/08/29 16:54:37 | 00,000,929 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/29 16:13:21 | 00,392,320 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 14:17:48 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:37 | 00,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 04:41:42 | 01,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/08/29 04:40:31 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/29 00:31:54 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
========== LOP Check ==========
[2009/09/20 19:03:13 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming
[2009/08/21 18:21:19 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Devicescape
[2009/09/20 18:08:25 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Media Center Programs
[2009/09/20 22:47:35 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/08/17 16:45:36 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\OpenOffice.org
[2009/08/18 15:07:23 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Samsung
[2009/08/29 14:17:45 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/11 15:31:55 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\WinBatch
[2009/09/23 07:53:13 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/22 18:45:46 | 00,031,746 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
#14
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 23 September 2009 - 02:30 AM
Hi again 960,
And another thing...
All my email accounts have disappeared from Thunderbird 2.
Something appears to have cleaned it out.
No bother, I save the ones I need as text files.
And I can re-instate them all.
But... is this connected to Favourit?
Thanks,
Jim.
#15
JimByTheRiver
-
- Authentic Member
-
- 17 posts
New Member
Posted 23 September 2009 - 02:46 AM
Sorry 960,
Forget that last one.
I was signed in as 'Administrator' not 'Jim'.
If I had a brain, I'd be a brick.
All my email accounts are there.
Jim.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
