
[Resolved] Computers Will Be The Death Of Me


  • This topic is locked
28 replies to this topic

#16 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 23 September 2009 - 06:43 PM

Hi JimByTheRiver,

Your java is out of date. Click your start button, open Control panel.
  • Locate the Java icon (it looks like a coffee cup)
  • double click it to open it
  • click the Update tab
  • Click update now
After the java is updated, reboot your computer if not prompted to.



Next

Right click on OTL.exe and choose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:OTL
O4 - HKCU..\Run: [ekraixf] c:\users\computer surgery\appdata\local\ekraixf.exe (irritation)
[2009/09/20 18:57:49 | 00,003,292 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat
[2009/09/20 18:57:49 | 00,001,338 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat
[2009/09/20 11:10:26 | 00,001,405 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat
[2009/09/20 11:10:25 | 00,498,653 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat
[2009/09/20 11:10:25 | 00,003,330 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat
[2009/09/23 08:17:16 | 00,000,101 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat

:Commands
[emptytemp]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.

Download and save to your desktop Malwarebytes Anti-Malware

Right click mbam-setup.exe and choose Run as Administrator to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Right click on OTL.exe and choose Run as Administrator to run it
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a Notepad window with OTL.Txt. This is saved in the same location as OTL.

Please post back with
  • OTL fix log
  • MBAM log
  • new OTL log
Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself


Threads will be closed if no response after 5 days.



#17 JimByTheRiver

JimByTheRiver

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 24 September 2009 - 09:06 AM

Hello 960,

I sure hope that this is taking you less time than it's taking me!
I updated the Java. Couldn't find that pesky coffee cup, so went to Java website and downloaded the latest.

I'd like to know, if you can spare the time:

1. How did you pick up on the original files?
2. I'm sure you're going to tell me what procedures I should put in place...
3. How I make a donation.

Thanks,

Jim.

Logs follow:




First OTL run results:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ekraixf not found.
File c:\users\computer surgery\appdata\local\ekraixf.exe not found.
File C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf.dat not found.
File C:\Users\COMPUTER SURGERY\AppData\Local\ekraixf_navps.dat not found.
C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_navps.dat moved successfully.
C:\Users\COMPUTER SURGERY\AppData\Local\exabdb_nav.dat moved successfully.
C:\Users\COMPUTER SURGERY\AppData\Local\exabdb.dat moved successfully.
C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: COMPUTER SURGERY
->Temp folder emptied: 47353514 bytes
->Temporary Internet Files folder emptied: 59071981 bytes
->Java cache emptied: 25494212 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jim

User: jim.COMPUTERSURG-PC
->Temp folder emptied: 32284 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: jim.TOSH-A100-338
->Temp folder emptied: 625611 bytes
->Temporary Internet Files folder emptied: 2507298 bytes
->Java cache emptied: 25744137 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 38960467 bytes
RecycleBin emptied: 135464279 bytes

Total Files Cleaned = 319.75 mb


OTL by OldTimer - Version 3.0.14.0 log created on 09242009_140907

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

*************************



Malwarebytes Anti-Malware results:


Malwarebytes' Anti-Malware 1.41
Database version: 2854
Windows 6.0.6000

24/09/2009 15:25:00
mbam-log-2009-09-24 (15-25-00).txt

Scan type: Quick Scan
Objects scanned: 95528
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ognvwfn (Trojan.Agent.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\computer surgery\AppData\Local\ognvwfn.exe (Trojan.Agent.H) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-1983903222-3073567026-1821017724-1000\$R66CGNI.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1983903222-3073567026-1821017724-1000\$RRMCDJM.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Users\COMPUTER SURGERY\Local Settings\Application Data\ognvwfn_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

***********



Second OTL run results:

OTL logfile created on: 24/09/2009 15:40:05 - Run 5
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\COMPUTER SURGERY\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.69 Gb Total Space | 37.98 Gb Free Space | 41.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSH-A100-338
Current User Name: COMPUTER SURGERY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Users\COMPUTER SURGERY\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (lxdiCATSCustConnectService [Auto | Stopped]) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe (Lexmark International, Inc.)
SRV - (lxdi_device [Auto | Running]) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 14:51:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/29 17:56:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Common Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Common Files\Quick Time 7.5\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ognvwfn] c:\users\computer surgery\appdata\local\ognvwfn.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AirShare] C:\Program Files\Common Files\Adobe Reader 9.1.2 18Aug2009\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe 0;1;1;1.6.65;C File not found
O4 - Startup: C:\Users\COMPUTER SURGERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/24 15:25:16 | 00,001,435 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ognvwfn_navps.dat
[2009/09/24 15:06:54 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Malwarebytes
[2009/09/24 15:06:53 | 00,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/24 15:06:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/24 15:06:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/24 15:06:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/24 15:06:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Malwarebytes' Anti-Malware
[2009/09/24 14:11:46 | 00,000,101 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/24 14:09:07 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/23 08:25:32 | 00,003,308 | ---- | C] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ognvwfn.dat
[2009/09/21 16:05:32 | 00,000,971 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\OpenOffice.org Writer.lnk
[2009/09/20 22:07:09 | 00,102,660 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\SystemLook.exe
[2009/09/20 19:05:19 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\Documents\My Downloads
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/09/20 18:39:07 | 00,001,699 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 18:08:25 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2009/09/19 12:19:49 | 00,000,857 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 12:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PeaZip
[2009/09/19 11:42:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/19 11:38:56 | 00,000,862 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/19 11:38:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ERUNT
[2009/09/12 16:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\IE7 Pro
[2009/09/12 16:18:46 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf

========== Files - Modified Within 14 Days ==========

[2009/09/24 15:36:55 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/24 15:36:55 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/24 15:36:55 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/24 15:29:46 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/24 15:29:46 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/24 15:29:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/24 15:29:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/24 15:29:25 | 32,107,97056 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/24 15:28:36 | 06,291,456 | -H-- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\IconCache.db
[2009/09/24 15:28:23 | 00,001,435 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ognvwfn_navps.dat
[2009/09/24 15:27:45 | 00,003,308 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\ognvwfn.dat
[2009/09/24 15:06:53 | 00,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/24 14:11:46 | 00,000,101 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
[2009/09/24 13:13:08 | 00,001,591 | ---- | M] () -- C:\ProgramData\lxdi
[2009/09/23 15:21:05 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2009/09/22 09:35:02 | 41,653,142 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/22 09:34:33 | 00,112,900 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/21 16:05:32 | 00,000,971 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\OpenOffice.org Writer.lnk
[2009/09/20 18:39:07 | 00,001,699 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/19 12:19:49 | 00,000,857 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 11:38:56 | 00,000,862 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/15 12:49:30 | 00,002,609 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Word 2003.lnk
[2009/09/15 02:34:41 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/12 17:15:49 | 00,104,040 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\GDIPFONTCACHEV1.DAT

========== LOP Check ==========

[2009/09/24 15:06:54 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming
[2009/08/21 18:21:19 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Devicescape
[2009/09/20 18:08:25 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Media Center Programs
[2009/09/20 22:47:35 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/08/17 16:45:36 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\OpenOffice.org
[2009/08/18 15:07:23 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Samsung
[2009/08/29 14:17:45 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/11 15:31:55 | 00,000,000 | ---D | M] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\WinBatch
[2009/09/24 15:29:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/24 15:28:41 | 00,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#18 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 24 September 2009 - 05:45 PM

Hi JimByTheRiver,

1. How did you pick up on the original files?

They were in the logs and I didn't recognise them, research showed they were up to no good. ;)

2. I'm sure you're going to tell me what procedures I should put in place...

Yes, when we are done. MBAM picked up a few things that warrant a deeper look.

3. How I make a donation.

Click HERE, it will take you to the donation page. :)



Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Right click on ComboFix.exe, click Run as Administrator & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log and a new HJT (hijackthis) log.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself


Threads will be closed if no response after 5 days.

#19 JimByTheRiver

JimByTheRiver

    New Member

  • Authentic Member
  • 17 posts

Posted 25 September 2009 - 05:38 AM

Good morning 960,

1. Once upon a time I had a computer that I actually used for doing things instead of fixing all the time. Whatever happened to those machines?

2. Enclosed is the ComboFix log. You'll see that no matter what I tried, I couldn't get AVG 8.5 off – tried the info you pointed to, tried going through AVG unticking, even disabled it on startup. Bit of a bugger, as we say here.

3. Not sure what 'Hijack this' means, so if there ain't no hijack, you're just getting the ComboFix log.
Okay, I got it. Log follows the ComboFix log.

4. Java point. After updating Java yesterday morning, last evening I read the Technology section of 'The Guardian' newspaper. There was a Java question:


Java update
Q: A Java update says: "update failed to download, installation files required".

Have I perhaps deleted these files? John Mitchley.

JS: It's not worth trying to debug Java updates. Go to the Windows Control Panel, uninstall all the copies of Java, then run CCleaner (CCleaner.com) to clean up the registry and any orphaned files. Restart your PC, download and install a new Java from http://bit.ly/aj310.

Get your queries answered by Jack Schofield, our computer editor at jack.schofield@guardian.co.uk


Now, JimByTheRiver just downloaded the updated Java without uninstalling the old Java.
Am I okay?


5. If I'm keeping MalwareBytes Anti-Malware, should it be enabled on startup?

6. I'm going to the pub tonight.

Thanks,

Jim.



ComboFix 09-09-23.02 - COMPUTER SURGERY 25/09/2009 11:06.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3061.2094 [GMT 1:00]
Running from: c:\users\COMPUTER SURGERY\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\COMPUTER SURGERY\AppData\Local\ognvwfn.dat
c:\users\COMPUTER SURGERY\AppData\Local\ognvwfn_navps.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-25 10:11 . 2009-09-25 10:11 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Local\temp
2009-09-25 07:16 . 2009-09-25 07:38 -------- d-----w- c:\users\jim.TOSH-A100-338\Guardian Rubbish
2009-09-24 15:45 . 2009-09-24 15:45 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Roaming\Malwarebytes
2009-09-24 14:06 . 2009-09-24 14:06 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Roaming\Malwarebytes
2009-09-24 14:06 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 14:06 . 2009-09-24 14:06 -------- d-----w- c:\program files\Common Files\Malwarebytes' Anti-Malware
2009-09-24 14:06 . 2009-09-24 14:06 -------- d-----w- c:\programdata\Malwarebytes
2009-09-24 14:06 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 13:11 . 2009-09-24 13:11 101 ----a-w- c:\users\COMPUTER SURGERY\AppData\Local\pipyjsc.bat
2009-09-24 13:09 . 2009-09-24 13:09 -------- d-----w- C:\_OTL
2009-09-24 12:52 . 2009-07-31 14:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-20 18:03 . 2009-09-20 21:47 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Roaming\MiniDm
2009-09-20 17:08 . 2009-09-20 17:08 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
2009-09-19 11:40 . 2009-09-19 11:51 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Roaming\PeaZip
2009-09-19 11:19 . 2009-09-19 11:19 -------- d-----w- c:\program files\Common Files\PeaZip
2009-09-19 10:38 . 2009-09-19 10:39 -------- d-----w- c:\program files\Common Files\ERUNT
2009-09-19 08:17 . 2009-09-19 08:42 -------- d-----w- c:\users\jim.TOSH-A100-338\Viruses Spyware Problems
2009-09-15 15:17 . 2009-09-15 15:59 -------- d-----w- c:\users\Public\Merge Copying
2009-09-15 11:49 . 2009-09-15 11:49 -------- d-----w- c:\users\COMPUTER SURGERY\Office Genuine Advantage
2009-09-12 16:16 . 2009-09-12 16:16 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Roaming\live-player
2009-09-12 16:07 . 2009-09-20 17:33 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Roaming\MiniDm
2009-09-12 15:32 . 2009-09-12 15:35 -------- d-----w- c:\program files\Common Files\IE7 Pro
2009-09-12 15:20 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-09-12 15:20 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-12 15:20 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-12 15:20 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll
2009-09-12 15:20 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-12 15:20 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-12 15:20 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-12 15:20 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-12 15:18 . 2009-07-11 19:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-12 15:18 . 2009-07-11 19:32 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-09-12 15:18 . 2009-07-11 19:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-12 15:18 . 2009-07-11 19:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-12 15:18 . 2009-07-11 19:32 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-12 15:18 . 2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-08 15:14 . 2009-09-08 18:03 -------- d-----w- c:\users\jim.TOSH-A100-338\Writing - not mine
2009-09-08 14:28 . 2009-09-08 14:29 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-09-07 15:41 . 2009-09-07 15:41 -------- d-----w- c:\users\jim.TOSH-A100-338\Office Genuine Advantage
2009-09-06 16:24 . 2009-09-06 16:24 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-06 14:49 . 2009-06-15 15:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-06 14:49 . 2009-06-15 15:25 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 14:49 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2009-09-06 14:49 . 2009-06-15 18:12 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-06 14:49 . 2009-06-15 15:28 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-06 14:49 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2009-09-06 14:49 . 2009-06-15 15:23 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-06 14:49 . 2009-06-15 13:10 7680 ----a-w- c:\windows\system32\lsass.exe
2009-09-05 10:37 . 2009-09-19 13:21 -------- d-----w- C:\$AVG8.VAULT$
2009-09-05 09:51 . 2009-09-06 15:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-05 09:51 . 2009-09-05 09:51 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-05 09:51 . 2009-09-06 15:13 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-05 09:51 . 2009-09-25 08:17 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-05 09:51 . 2009-09-06 15:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-05 09:50 . 2009-09-05 09:50 -------- d-----w- c:\programdata\avg8
2009-09-05 09:50 . 2009-09-05 09:50 -------- d-----w- c:\program files\AVG
2009-09-03 11:10 . 2009-09-15 15:54 -------- d-----w- c:\users\Public\Log of installed downloads and files from CD & DVD
2009-09-01 16:53 . 2009-09-01 16:57 -------- d-----w- c:\users\jim.TOSH-A100-338\Debbie and Jim - Mobile phone messages
2009-09-01 16:43 . 2009-09-01 16:43 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Roaming\Samsung
2009-08-31 14:00 . 2009-09-08 14:16 -------- d-----w- c:\programdata\App4rTemp
2009-08-31 13:48 . 2009-08-31 13:48 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Roaming\Lexmark Productivity Studio
2009-08-31 13:45 . 2009-09-25 09:27 -------- d-----w- c:\programdata\Lx_cats
2009-08-31 13:24 . 2009-08-31 13:24 -------- d-----w- C:\logs
2009-08-31 13:20 . 2007-02-19 15:00 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-08-31 13:18 . 2009-08-31 13:53 -------- d-----w- c:\program files\Lexmark 3500-4500 Series
2009-08-31 13:16 . 2009-08-31 13:16 -------- d-----w- C:\lexmark
2009-08-31 13:15 . 2009-08-31 13:15 -------- d-----w- c:\program files\Common Files\Lexmark X4450 driver
2009-08-31 13:02 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-31 12:59 . 2009-08-31 12:59 -------- d-----w- c:\program files\MSXML 4.0
2009-08-29 16:59 . 2009-08-29 16:59 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Local\Apple Computer
2009-08-29 16:55 . 2009-08-29 16:55 -------- d-----w- c:\programdata\Apple Computer
2009-08-29 16:54 . 2009-08-29 16:54 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Local\Apple
2009-08-29 16:54 . 2009-08-29 16:54 -------- d-----w- c:\program files\Apple Software Update
2009-08-29 16:54 . 2009-08-29 16:54 -------- d-----w- c:\programdata\Apple
2009-08-29 16:50 . 2009-08-29 16:56 -------- d-----w- c:\program files\Common Files\Quick Time 7.5
2009-08-29 15:54 . 1996-07-17 11:45 227840 ----a-w- c:\windows\system32\Deco_32.dll
2009-08-29 15:54 . 1996-07-03 08:37 125952 ----a-w- c:\windows\system32\Dc50_32.dll
2009-08-29 15:54 . 1996-07-03 08:29 92672 ----a-w- c:\windows\system32\Dc50ip32.dll
2009-08-29 15:54 . 1995-07-31 11:44 212480 ----a-w- c:\windows\system32\Pcdlib32.dll
2009-08-29 15:54 . 2009-08-29 15:54 -------- d-----w- c:\program files\Common Files\Thumbs32
2009-08-29 15:31 . 2009-08-29 15:34 -------- d-----w- c:\program files\Common Files\FTP Commander
2009-08-29 15:13 . 2009-08-29 15:13 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 15:13 . 2009-08-29 15:13 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 15:13 . 2009-08-29 15:13 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-29 15:12 . 2009-08-29 15:13 -------- d-----w- c:\program files\Common Files\Acronis
2009-08-29 15:12 . 2009-08-29 15:12 -------- d-----w- c:\program files\Acronis
2009-08-29 15:02 . 2009-08-29 15:02 -------- d-----w- c:\program files\Common Files\Acronis True Image 10
2009-08-29 13:17 . 2009-08-29 13:18 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Local\Thunderbird
2009-08-29 13:17 . 2009-08-29 13:17 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Roaming\Thunderbird
2009-08-29 13:17 . 2009-08-29 13:17 0 ----a-w- c:\windows\nsreg.dat
2009-08-29 13:17 . 2009-08-29 13:17 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Local\Thunderbird
2009-08-29 13:17 . 2009-08-29 13:17 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
2009-08-29 13:17 . 2009-08-29 13:17 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-29 13:15 . 2009-08-29 13:15 -------- d-----w- c:\program files\Common Files\Thunderbird 2
2009-08-29 08:36 . 2009-08-29 08:42 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-08-29 08:36 . 2009-08-29 08:51 -------- d-----w- c:\program files\Windows Live
2009-08-29 08:36 . 2009-08-29 08:36 -------- d-----w- c:\programdata\WLInstaller
2009-08-29 07:10 . 2007-01-04 20:52 28672 ----a-w- c:\windows\system32\InsDrvZD.dll
2009-08-29 07:10 . 2007-01-04 20:49 16384 ----a-w- c:\windows\system32\InsDrvZD64.DLL
2009-08-29 07:10 . 2006-12-22 19:05 449536 ----a-w- c:\windows\system32\drivers\athrusb.sys
2009-08-29 07:10 . 2006-02-15 12:45 13312 ----a-w- c:\windows\system32\VistaRundll.exe
2009-08-29 07:10 . 2003-03-14 11:24 24576 ----a-w- c:\windows\system32\ZyDelReg.exe
2009-08-29 06:59 . 2009-08-29 07:10 -------- d-----w- c:\program files\Common Files\Hawking HWU8DD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 12:52 . 2009-08-17 15:40 -------- d-----w- c:\program files\Java
2009-09-12 16:15 . 2009-08-11 10:27 104040 ----a-w- c:\users\COMPUTER SURGERY\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-12 15:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-06 16:25 . 2009-08-15 21:24 104040 ----a-w- c:\users\jim.TOSH-A100-338\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-06 16:05 . 2009-08-11 14:04 -------- d-----w- c:\program files\Microsoft Works
2009-08-29 07:10 . 2009-08-11 14:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 07:07 . 2009-08-11 14:29 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-21 17:21 . 2009-08-21 17:19 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Roaming\Devicescape
2009-08-21 17:19 . 2009-08-21 17:19 -------- d-----w- c:\program files\thecloud
2009-08-21 17:17 . 2009-08-21 17:17 2619904 ----a-w- c:\users\jim.TOSH-A100-338\WiFi_fastconnect_XP_2.1.12.exe
2009-08-18 14:07 . 2009-08-18 14:07 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Roaming\Samsung
2009-08-18 14:05 . 2009-08-18 14:05 -------- d-----w- c:\program files\Samsung
2009-08-18 14:02 . 2009-08-18 13:43 -------- d-----w- c:\program files\Common Files\Samsung PC Studio
2009-08-18 13:35 . 2009-08-18 12:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-18 12:59 . 2009-08-18 12:28 -------- d-----w- c:\program files\Common Files\Adobe Reader 9.1.2 18Aug2009
2009-08-17 15:59 . 2009-08-17 15:59 -------- d-----w- c:\users\jim.TOSH-A100-338\AppData\Roaming\OpenOffice.org
2009-08-17 15:45 . 2009-08-17 15:45 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Roaming\OpenOffice.org
2009-08-17 15:42 . 2009-08-17 15:42 -------- d-----w- c:\program files\JRE
2009-08-17 15:42 . 2009-08-17 15:41 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-17 15:34 . 2009-08-17 15:21 -------- d-----w- c:\program files\Common Files\Open Office 3.1 17Aug2009
2009-08-14 17:16 . 2009-09-12 15:21 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 16:42 . 2009-09-12 15:21 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40 . 2009-09-12 15:21 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40 . 2009-09-12 15:21 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:19 . 2009-08-14 16:19 99864 ----a-w- c:\users\jim.COMPUTERSURG-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-14 14:25 . 2009-09-12 15:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25 . 2009-09-12 15:21 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25 . 2009-09-12 15:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25 . 2009-09-12 15:21 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25 . 2009-09-12 15:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25 . 2009-09-12 15:21 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25 . 2009-09-12 15:21 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:24 . 2009-09-12 15:21 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 14:23 . 2009-09-12 15:21 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-08-11 14:31 . 2009-08-11 14:31 -------- d-----w- c:\users\COMPUTER SURGERY\AppData\Roaming\WinBatch
2009-08-11 14:29 . 2009-08-11 14:29 -------- d-----w- c:\program files\TOSHIBA
2009-08-11 14:26 . 2009-08-11 14:26 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-08-11 14:05 . 2009-08-11 14:05 -------- d-----w- c:\program files\Common Files\L&H
2009-08-11 14:04 . 2009-08-11 14:04 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-11 14:02 . 2009-08-11 14:02 -------- d-----w- c:\program files\Microsoft.NET
2009-08-11 13:55 . 2009-08-11 13:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-08-11 13:55 . 2009-08-11 13:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-11 13:55 . 2009-08-11 13:55 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2009-08-11 13:55 . 2009-08-11 13:55 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2009-08-11 13:55 . 2009-08-11 13:55 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2009-08-11 13:52 . 2009-08-11 13:52 268800 ----a-w- c:\windows\system32\es.dll
2009-08-11 13:51 . 2009-08-11 13:51 229888 ----a-w- c:\windows\system32\msshsq.dll
2009-08-11 13:51 . 2009-08-11 13:51 -------- d-----w- c:\program files\Synaptics
2009-08-11 13:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-11 13:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-11 13:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-11 13:25 . 2009-08-11 13:25 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-08-11 13:25 . 2009-08-11 13:25 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-08-11 13:25 . 2009-08-11 13:25 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-08-11 13:25 . 2009-08-11 13:25 272896 ----a-w- c:\windows\system32\polstore.dll
2009-08-11 13:22 . 2009-08-11 13:22 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-08-11 13:22 . 2009-08-11 13:22 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-08-11 13:22 . 2009-08-11 13:22 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-08-11 13:19 . 2009-08-11 13:19 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-08-11 13:19 . 2009-08-11 13:19 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-08-11 13:19 . 2009-08-11 13:19 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-11 13:17 . 2009-08-11 13:17 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-08-11 13:17 . 2009-08-11 13:17 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-08-11 13:17 . 2009-08-11 13:17 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-08-11 13:16 . 2009-08-11 13:16 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-08-11 13:16 . 2009-08-11 13:16 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-08-11 13:16 . 2009-08-11 13:16 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-08-11 13:16 . 2009-08-11 13:16 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-08-11 13:16 . 2009-08-11 13:16 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-08-11 13:16 . 2009-08-11 13:16 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2009-08-11 13:16 . 2009-08-11 13:16 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2009-08-11 13:16 . 2009-08-11 13:16 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-08-11 13:14 . 2009-08-11 13:14 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-08-11 13:14 . 2009-08-11 13:14 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-08-11 13:13 . 2009-08-11 13:13 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-08-11 13:12 . 2009-08-11 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-11 13:12 . 2009-08-11 13:12 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-11 13:12 . 2009-08-11 13:12 24064 ----a-w- c:\windows\system32\lpk.dll
2009-08-11 13:12 . 2009-08-11 13:12 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-08-11 13:12 . 2009-08-11 13:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-11 13:12 . 2009-08-11 13:12 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-11 13:09 . 2009-08-11 13:09 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-08-11 13:09 . 2009-08-11 13:09 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-08-11 13:05 . 2009-08-11 13:05 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-08-11 13:02 . 2009-08-11 13:02 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-08-11 13:01 . 2009-08-11 13:01 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-08-11 13:01 . 2009-08-11 13:01 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-11 12:59 . 2009-08-11 12:59 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-08-11 12:58 . 2009-08-11 12:58 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-08-11 12:57 . 2009-08-11 12:57 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-08-11 12:57 . 2009-08-11 12:57 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-08-11 12:54 . 2009-08-11 12:54 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-08-11 12:53 . 2009-08-11 12:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-08-11 12:53 . 2009-08-11 12:53 1194496 ----a-w- c:\windows\system32\msxml3.dll
2009-08-11 12:51 . 2009-08-11 12:51 414208 ----a-w- c:\windows\system32\msscp.dll
2009-08-11 12:50 . 2009-08-11 12:50 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-08-11 12:49 . 2009-08-11 12:49 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-08-11 12:49 . 2009-08-11 12:49 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-08-11 12:49 . 2009-08-11 12:49 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-08-11 12:49 . 2009-08-11 12:49 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-08-11 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-08-11 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"QuickTime Task"="c:\program files\Common Files\Quick Time 7.5\QTTask.exe" [2008-05-27 413696]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Common Files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\COMPUTER SURGERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EE91EAB4-FFD3-4FA5-9C40-AD6F43A09D53}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{463BF0C9-9546-4464-B7F7-D8AA741850F8}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{937B16B6-5B46-4C47-AF8C-C9FE7490A90B}"= UDP:c:\users\COMPUTER SURGERY\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{14ADAFDB-37FE-4C75-8BAA-7CCBB282D5D3}"= TCP:c:\users\COMPUTER SURGERY\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{B866A930-5EC2-42DF-BD79-B491A12395D3}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{178F4737-5E3C-4A22-A3C9-BBD8EDFAAF78}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{EA3B3F61-5C4A-47A0-BA3B-3438053C07CC}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{1C61EFB1-1C5F-4CC6-8945-B3FC676F1888}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{C77D25E2-0BC1-4594-B91E-D464533D42CF}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{F1C61CF2-C1FE-4D6F-80C3-EE5C80B3C08B}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{4B3EBB92-129E-4D67-8D98-5483338CD2E6}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{E1F35C77-2117-495D-A40D-13447886436E}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{9460DD2E-4408-4799-BB56-28CA109E9454}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{343F20C0-2B9C-4C27-8EE3-DD2777A15B23}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{0D17431E-C64E-447D-9013-3A91BB449163}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{20DC58D2-638C-41CA-B3B0-D7A83B8E7A2B}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{0F642881-2391-44FF-A419-AE3570FFA368}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A0C8E22D-A1C1-4E37-8789-A675E77D9CCC}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\IE7 Pro\\IEPro\\MiniDM.exe"= c:\program files\Common Files\IE7 Pro\IEPro\MiniDM.exe:*:Enabled:MiniDM

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [05/09/2009 10:51 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [05/09/2009 10:51 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/09/2009 10:50 297752]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29/08/2009 08:10 449536]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [11/08/2009 15:29 7168]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [11/06/2007 10:14 99248]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ognvwfn - c:\users\computer surgery\appdata\local\ognvwfn.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Common Files\Adobe Reader 9.1.2
HKLM-RunOnce-AirShare - c:\program files\Common Files\Adobe Reader 9.1.2



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 11:11
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-09-25 11:13
ComboFix-quarantined-files.txt 2009-09-25 10:13

Pre-Run: 40,341,016,576 bytes free
Post-Run: 41,106,538,496 bytes free

343 --- E O F --- 2009-09-18 14:43

**********


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:00, on 25/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lexmark 3500-4500 Series\App4R.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Common Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Common Files\Quick Time 7.5\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Common Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe

--
End of file - 5664 bytes

#20 oldman960

Posted 25 September 2009 - 10:05 PM

Hi JimByTheRiver,

.Once upon a time I had a computer that I actually used for doing things instead of fixing all the time. Whatever happened to those machines?

The internet and people who have nothing better to do than write this crud.

3.Not sure what 'Hijack this' means, so if there ain't no hijack, you're just getting the ComboFix log.
Okay, I got it. Log follows the ComboFix log.

:smack: My apologies for that. I forgot to remove it from the instructions.

4.Java point. After updating Java yesterday morning, last evening I read the Technology section of 'The Guardian' newspaper. There was a Java question:

Now, JimByTheRiver just downloaded the updated Java without uninstalling the old Java.
Am I okay?

The old version should be uninstalled as it has vulnerabilities fixed by the newest version.

5.If I'm keeping MalwareBytes Anti-Malware, should it be enabled on startup?

The version you have is the free version. It will become non resident or on demand after a short trial period. It is a program I recommend you keep and use weekly.

6.I'm going to the pub tonight.

Good plan. :thumbup:



Ok, back to work.

In windows explorer, navigate to this folder

c:\users\COMPUTER SURGERY\AppData\Local

In the right hand panel, locate this file, pipyjsc.bat . Right click it and select delete.


Next

Uninstall the old version of Java,

Java™ 6 Update 13

Do not uninstall the new one you just installed. ;)



Next

I'll have you do an online scan.

Please note: As a Vista user you will need to right click your Browser Icon (Internet Explorer or Firefox) and click Run as Administrator to launch your browser.

  • Please do not browse anywhere else except to do this scan as your browser will have Administrator rights
  • After the scan has completed and you have saved the log, please close that browser
  • Open a new browser the usual way and post the requested logs

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • click the Save button.
  • Please post this log in your next reply.

Please post back with
  • Kaspersky log
  • new OTL log

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#21 JimByTheRiver

JimByTheRiver

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 26 September 2009 - 10:39 AM

Sorry 960, I've let you down today. Not been able to do anything: 1. Been trying to resurrect my Paypal Account. 2. Had a workman in the house. Nothing to do with the hangover, honest. Should be okay to tackle tomorrow. Thanks, Jim.

#22 oldman960

Posted 26 September 2009 - 11:24 AM

Hi JimByTheRiver,

Thanks for letting me know.

Nothing to do with the hangover, honest.

I believe you, those things are just myths anyway.


#23 JimByTheRiver

Posted 27 September 2009 - 10:11 AM

Hello 960,

1.pipyjsc.bat deleted.

2.Can't seem to find Java 6 Update 13. If I can upload a zip to you, have a look at the three screenshots in the zip file.

3.Kaspersky – No threats found! Log follows. You never told me that, while downloading and running it, my fingernails would grow 6 inches.

4.OTL log after Kaspersky.

5.My life won't be the same without you....

Thanks,

Jim.



********

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 27, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 27, 2009 14:51:17
Records in database: 2927741
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 103987
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:27:18

No threats found. Scanned area is clean.

Selected area has been scanned.


*********

OTL logfile created on: 27/09/2009 16:41:15 - Run 6
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\COMPUTER SURGERY\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 94.80% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91.69 Gb Total Space | 37.74 Gb Free Space | 41.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSH-A100-338
Current User Name: COMPUTER SURGERY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Users\COMPUTER SURGERY\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcrSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (lxdiCATSCustConnectService [Auto | Stopped]) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe (Lexmark International, Inc.)
SRV - (lxdi_device [Auto | Running]) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athrusb [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athrusb.sys (Atheros Communications, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (snapman [Boot | Running]) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdm.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (tifsfilter [Auto | Running]) -- C:\Windows\System32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 14:51:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/29 17:56:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Common Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Common Files\Quick Time 7.5\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\COMPUTER SURGERY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Common Files\IE7 Pro\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/27 13:39:39 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\PeaZip
[2009/09/25 12:28:44 | 00,001,892 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\HijackThis.lnk
[2009/09/25 12:28:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hijack This
[2009/09/25 12:25:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\COMPUTER SURGERY\Desktop\HJTInstall.exe
[2009/09/25 11:13:28 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/09/25 11:13:28 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\temp
[2009/09/25 11:13:27 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/09/25 11:04:54 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
[2009/09/25 11:04:54 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/09/25 11:04:54 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/09/25 11:04:54 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/09/25 11:04:54 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/09/25 11:04:54 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/09/25 11:04:54 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/09/25 11:04:54 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/09/25 11:04:48 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/09/25 10:44:10 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/25 09:33:08 | 03,318,656 | R--- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ComboFix.exe
[2009/09/24 15:06:54 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Malwarebytes
[2009/09/24 15:06:53 | 00,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/24 15:06:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/24 15:06:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/24 15:06:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/24 15:06:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Malwarebytes' Anti-Malware
[2009/09/24 14:09:07 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/24 13:52:40 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/09/24 13:52:40 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/09/24 13:52:40 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/09/24 13:52:40 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/09/21 16:05:32 | 00,000,971 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\OpenOffice.org Writer.lnk
[2009/09/20 22:07:09 | 00,102,660 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\SystemLook.exe
[2009/09/20 19:05:19 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\Documents\My Downloads
[2009/09/20 19:03:13 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\MiniDm
[2009/09/20 18:39:07 | 00,001,699 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/20 18:08:25 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Lexmark Productivity Studio
[2009/09/19 12:19:49 | 00,000,857 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 12:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PeaZip
[2009/09/19 11:42:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/19 11:38:56 | 00,000,862 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/19 11:38:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ERUNT
[2009/09/12 16:32:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\IE7 Pro
[2009/09/12 16:21:04 | 00,813,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/12 16:21:03 | 00,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/09/12 16:21:03 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/09/12 16:21:03 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/12 16:21:03 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/12 16:21:03 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/09/12 16:21:03 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/12 16:21:03 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/12 16:21:03 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/12 16:21:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/12 16:21:03 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/12 16:21:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/12 16:21:03 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/12 16:20:14 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/09/12 16:20:14 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/12 16:20:13 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/12 16:20:05 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/12 16:20:04 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/12 16:20:03 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/09/12 16:20:03 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/09/12 16:20:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/09/12 16:20:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/09/12 16:18:46 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/12 16:18:46 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/12 16:18:46 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/12 16:18:46 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/12 16:18:46 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/12 16:18:46 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/09/12 16:18:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/12 16:18:40 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 15:28:44 | 00,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2009/09/06 17:24:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/09/06 15:49:34 | 00,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/09/06 15:49:34 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/09/06 15:49:34 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/09/06 15:49:33 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/09/06 15:49:33 | 00,408,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/09/06 15:49:33 | 00,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/09/06 15:49:33 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/09/06 15:49:33 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/09/05 11:37:34 | 00,000,000 | ---D | C] -- C:\$AVG8.VAULT$
[2009/09/05 10:51:15 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:14 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/05 10:51:12 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:04 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/05 10:51:01 | 41,751,848 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/05 10:51:01 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/05 10:51:01 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 10:51:01 | 00,112,900 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/05 10:51:01 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/05 10:51:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/05 10:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/31 15:00:18 | 00,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2009/08/31 14:57:30 | 00,001,800 | ---- | C] () -- C:\ProgramData\lxdi
[2009/08/31 14:45:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2009/08/31 14:24:06 | 00,000,000 | ---D | C] -- C:\logs
[2009/08/31 14:20:31 | 00,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark 4550 Printer.LNK
[2009/08/31 14:20:04 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2009/08/31 14:19:37 | 00,503,808 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiutil.dll
[2009/08/31 14:19:37 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/08/31 14:19:37 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/08/31 14:19:37 | 00,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/08/31 14:19:37 | 00,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009/08/31 14:19:36 | 01,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/08/31 14:19:36 | 00,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/08/31 14:19:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009/08/31 14:19:35 | 00,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/08/31 14:19:35 | 00,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/08/31 14:19:35 | 00,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009/08/31 14:19:35 | 00,208,896 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsb.dll
[2009/08/31 14:19:35 | 00,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiins.dll
[2009/08/31 14:19:35 | 00,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdijswr.dll
[2009/08/31 14:19:35 | 00,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdiinsr.dll
[2009/08/31 14:19:34 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxdigf.dll
[2009/08/31 14:19:34 | 00,965,785 | ---- | C] () -- C:\Windows\System32\lxdihelp.chm
[2009/08/31 14:19:34 | 00,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/08/31 14:19:34 | 00,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009/08/31 14:19:34 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009/08/31 14:19:34 | 00,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicub.dll
[2009/08/31 14:19:34 | 00,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicu.dll
[2009/08/31 14:19:34 | 00,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdicur.dll
[2009/08/31 14:19:33 | 00,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/08/31 14:19:33 | 00,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009/08/31 14:19:33 | 00,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2009/08/31 14:19:33 | 00,077,906 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxdicfg.dll
[2009/08/31 14:19:33 | 00,065,592 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:19:33 | 00,001,900 | ---- | C] () -- C:\Windows\System32\lxdi.loc
[2009/08/31 14:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2009/08/31 14:16:06 | 00,000,000 | ---D | C] -- C:\lexmark
[2009/08/31 14:15:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Lexmark X4450 driver
[2009/08/31 14:02:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/31 13:59:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/08/29 17:55:53 | 00,001,882 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 17:55:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/08/29 17:54:23 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/08/29 17:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/29 17:50:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Quick Time 7.5
[2009/08/29 17:16:50 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/08/29 16:54:37 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w31
[2009/08/29 16:54:37 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcrt40.w32
[2009/08/29 16:54:37 | 00,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll
[2009/08/29 16:54:37 | 00,000,929 | ---- | C] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:54:36 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Pcdlib32.dll
[2009/08/29 16:54:36 | 00,125,952 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50_32.dll
[2009/08/29 16:54:36 | 00,092,672 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\Dc50ip32.dll
[2009/08/29 16:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thumbs32
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/29 16:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\FTP Commander
[2009/08/29 16:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2009/08/29 16:13:21 | 00,392,320 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2009/08/29 16:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2009/08/29 16:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis True Image 10
[2009/08/29 14:17:48 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Thunderbird
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Roaming\Mozilla
[2009/08/29 14:17:44 | 00,000,000 | ---D | C] -- C:\Users\COMPUTER SURGERY\AppData\Local\Thunderbird
[2009/08/29 14:17:37 | 00,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 14:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/08/29 14:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunderbird 2
[2009/08/29 09:39:43 | 01,871,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/29 09:39:42 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/08/29 09:39:42 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/08/29 09:39:40 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/29 09:39:31 | 10,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/29 09:39:26 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/29 09:39:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/29 09:39:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/29 09:39:23 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/29 09:39:21 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/29 09:39:21 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/29 09:39:15 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/08/29 09:39:15 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/29 09:39:15 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/08/29 09:39:15 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/08/29 09:39:15 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/08/29 09:39:15 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/08/29 09:39:06 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/29 09:36:56 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/08/29 09:36:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/29 09:36:10 | 00,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2009/08/29 08:10:16 | 00,449,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athrusb.sys
[2009/08/29 08:10:16 | 00,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2009/08/29 08:10:16 | 00,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2009/08/29 08:10:16 | 00,016,384 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2009/08/29 08:10:16 | 00,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe
[2009/08/29 07:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hawking HWU8DD
[2009/08/18 14:50:06 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/08/11 15:06:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/03/30 10:13:24 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/03/23 15:44:46 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/09 14:07:06 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/23 19:40:16 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 01:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2009/09/27 16:08:34 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/27 16:08:34 | 00,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/27 14:14:46 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/27 14:14:46 | 00,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/27 14:14:46 | 00,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/27 14:08:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/27 14:08:30 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/27 14:08:26 | 32,107,97056 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/27 14:07:38 | 02,911,066 | -H-- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\IconCache.db
[2009/09/26 15:50:44 | 00,001,800 | ---- | M] () -- C:\ProgramData\lxdi
[2009/09/25 12:28:44 | 00,001,892 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\HijackThis.lnk
[2009/09/25 12:25:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\COMPUTER SURGERY\Desktop\HJTInstall.exe
[2009/09/25 11:11:54 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/09/25 10:24:57 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2009/09/25 09:17:38 | 41,751,848 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/24 15:06:53 | 00,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/23 22:38:34 | 03,318,656 | R--- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ComboFix.exe
[2009/09/22 09:34:33 | 00,112,900 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/21 16:05:32 | 00,000,971 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\OpenOffice.org Writer.lnk
[2009/09/20 18:39:07 | 00,001,699 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Notepad.lnk
[2009/09/19 12:19:49 | 00,000,857 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\PeaZip.lnk
[2009/09/19 11:38:56 | 00,000,862 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\NTREGOPT.lnk
[2009/09/19 11:38:55 | 00,000,843 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ERUNT.lnk
[2009/09/15 12:49:30 | 00,002,609 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\Word 2003.lnk
[2009/09/15 02:34:41 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\COMPUTER SURGERY\Desktop\OTL.exe
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\Windows\PEV.exe
[2009/09/12 17:15:49 | 00,104,040 | ---- | M] () -- C:\Users\COMPUTER SURGERY\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/06 17:23:14 | 00,378,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/06 17:06:37 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/09/06 16:13:21 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/06 16:13:21 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/06 16:13:20 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/06 15:57:28 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/05 10:51:15 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/05 10:51:12 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/05 10:51:01 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/31 14:44:06 | 00,065,592 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2009/08/31 14:43:57 | 00,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark 4550 Printer.LNK
[2009/08/31 14:28:12 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/08/29 17:55:53 | 00,001,882 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/08/29 17:33:01 | 00,102,660 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\SystemLook.exe
[2009/08/29 16:54:37 | 00,000,929 | ---- | M] () -- C:\Users\COMPUTER SURGERY\Desktop\ThumbsPlus 3.0.lnk
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/29 16:52:31 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/29 16:13:21 | 00,392,320 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2009/08/29 16:13:21 | 00,032,768 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2009/08/29 16:13:12 | 00,114,048 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2009/08/29 16:13:07 | 00,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 10.0.lnk
[2009/08/29 14:17:48 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/08/29 14:17:37 | 00,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Thunderbird Email.lnk
[2009/08/29 04:41:42 | 01,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/08/29 04:40:31 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/29 00:31:54 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >




#24 JimByTheRiver

JimByTheRiver

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 27 September 2009 - 10:45 AM

P.S. Just make up a profile. And change your handle. In an era such as ours, the word 'oldman' does not equate to 'wise,' I'm afraid. You can be who and what you want on the web. And write any old rubbish, as you've peeked. Short story: When I was eighteen, and an apprentice, I had a good idea that everyone in the factory over the age of 25 was close to being dead. And I knew - WAS ABSOLUTELY CERTAIN - that everyone over the age of 30 already had their coffin on order. Which reminds me.... All good things, Jim.

#25 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 27 September 2009 - 11:59 AM

Hi JimByTheRiver,

Looks like the old version of java is gone, so don't worry about it.

If no other problems, we can clean up our tools.

From your desktop, please delete, if present
  • ,
  • any notepads/logs that we created
  • Win32kDiag.exe
  • RootRepeal
  • DDS.scr

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /u


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep MBAM updated and use it regularly.


Updates and upgrades

* If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have the first 3, just add a firewall.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.

Important! Windows Vista requires special instructions See HERE

-Secure your Internet Explorer


From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis


- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.


- Keep your antivirus program updated, as well as any other security programs you have.


-Check this site out to check for out of date programs
Secunia Personal Software Inspector (PSI) 1.0

-More tips and programs can be found HERE

- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved".

Take care :adios:

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.
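The Internet zone settings from the "Secure your Internet Explorer" steps above can be verified in the registry. The PowerShell audit below is an added example, not part of the original post. It assumes the standard Internet zone key (zone 3) with Microsoft's documented URL action IDs, and treats a value under the Policies hives as overriding the per-user value.

```powershell
# Added example: audit the IE Internet zone (zone 3) against the post's recommendations.
# URL action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$sources = [ordered]@{
    'Policy (HKLM)' = "HKLM:\Software\Policies\$suffix"
    'Policy (HKCU)' = "HKCU:\Software\Policies\$suffix"
    'User (HKCU)'   = "HKCU:\Software\$suffix"
}
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Settings named in the post, mapped to their URL action IDs.
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';               Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';             Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX not marked safe';  Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                  Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';      Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';   Want = 1 }
)

$results = foreach ($e in $expected) {
    $value = $null; $from = 'not set'
    foreach ($label in $sources.Keys) {
        # First hive that defines the action wins (policy before user setting).
        $item = Get-ItemProperty -Path $sources[$label] -Name $e.Id -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = [int]$item.($e.Id); $from = $label; break }
    }
    $current = if ($null -eq $value) { 'not set' }
               elseif ($meaning.ContainsKey($value)) { $meaning[$value] }
               else { '0x{0:X}' -f $value }
    [pscustomobject]@{
        Setting     = $e.Name
        Recommended = $meaning[$e.Want]
        Current     = $current
        Source      = $from
        Compliant   = ($value -eq $e.Want)
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Compliant }) {
    Write-Warning 'One or more Internet zone settings differ from the recommended values.'
}
```

A setting reported with a Policy source cannot be changed from the Internet Options dialog; it has to be changed where the policy is defined.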


#26 JimByTheRiver

JimByTheRiver

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 28 September 2009 - 09:53 AM

Goodbye WiseBird960, I'll follow your final instructions. And save the whole topic to ram home the lessons. Thanks for everything, JimByTheRiver.

#27 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 28 September 2009 - 06:05 PM

Hi JimByTheRiver, You are very welcome. Take care, keep safe.

#28 JimByTheRiver

JimByTheRiver

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 29 September 2009 - 05:37 AM

Just a final point, 960 (and anyone else who reads this):

You probably realise this, but it's taken this problem to make me think about it. After following 960's final suggestions and links, my first thought was that my computer's first line of defence needs to be the web browser. But once your computer is infected, few (relatively speaking) non-technical people are going to come to this website and go through a week of disinfecting, even with 960's excellent advice.

Thus my second thought. Malware has to be stopped well before it gets to your computer. And that means the likes of Google et al. must take charge of the problem. They have the numbers of people to attack the problem. Googlemail, for example, which I use, rarely gets any junk email. Google have got on top of that; they need to get on top of the malware problem.

This is only going to get worse. The likes of Nokia, Samsung, etc. will have to become involved as, shortly, everyone's going to be accessing the full internet whilst on the move.

It's just a thought. But we need to make sure that we tell these companies this. In the meantime, of course, the people on this website are a magnificent help to the world community. But the vast majority of people will never get here. The problem of malware is going to become bigger; it needs bigger resources to tackle it.

#29 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 01 October 2009 - 07:06 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
