
Inactive HJT log, probably should reformat?

Discussion in 'Malware and Virus Removal Archive' started by massageps, 2010/04/07.

Thread Status:
Not open for further replies.
  1. 2010/04/09
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    Here's the first one:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ deleted successfully.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ deleted successfully.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06013ccd-a3ae-11dd-a474-001c25e73a10}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06013ccd-a3ae-11dd-a474-001c25e73a10}\ not found.
    File J:\StormF1.exe not found.
    File C:\Users\Larry\Desktop\4 7 10 xt7y8865.exe not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\oobe_av scheduled to be deleted on reboot.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Larry
    ->Temp folder emptied: 1884674 bytes
    ->Temporary Internet Files folder emptied: 37529798 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 969 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 61440 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10907 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 38.00 mb

    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.1.0 log created on 04092010_173529

    Files\Folders moved on Reboot...
    C:\Users\Larry\AppData\Local\Temp\Low\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    C:\Users\Larry\AppData\Local\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SUFV8KMC\producthistory[1].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SUFV8KMC\votd_rss[1].xml moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OF5O8MMW\votd_rss[1].xml moved successfully.
    File\Folder C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I70MVVA4\index[1].htm not found!
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2BSM4SH\iframescript[1].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2BSM4SH\L[3].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2BSM4SH\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LD6V16TL\afr[1].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV8Q8R91\92326-active-hjt-log-probably-should-reformat-2[1].html moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV8Q8R91\ads[9].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV8Q8R91\iframescript[1].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV8Q8R91\iframescript[3].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV8Q8R91\iframescript[4].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQTU5Q11\iframescript[5].htm moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQTU5Q11\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\SysNative\153B.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\259D.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\3A07.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\4836.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\5DBB.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\72C4.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\7F4D.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\9F1E.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\B021.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\B416.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6VGRUY5\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V02A6RL\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8232Z2LJ\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48Q663YG\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\oobe_av scheduled to be deleted at reboot.
     
    Last edited: 2010/04/09
  2. 2010/04/09
    massageps

    Running again, it came up filled with black and said "not responding".
    Am running that again...
     


  4. 2010/04/09
    massageps

    OTL logfile created on: 4/9/2010 18:02:45 - Run 3
    OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Larry\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.63 Gb Total Space | 403.27 Gb Free Space | 88.70% Space Free | Partition Type: NTFS
    Drive D: | 11.13 Gb Total Space | 1.15 Gb Free Space | 10.35% Space Free | Partition Type: NTFS
    Drive E: | 4.38 Gb Total Space | 1.14 Gb Free Space | 26.07% Space Free | Partition Type: UDF
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LARRY-PC
    Current User Name: Larry
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/04/08 17:47:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
    PRC - [2010/04/07 00:22:55 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/03/23 16:33:58 | 000,594,144 | ---- | M] (Greatis Software) -- C:\Program Files (x86)\UnHackMeB\hackmon.exe
    PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
    PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
    PRC - [2010/03/09 09:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
    PRC - [2010/03/01 17:58:40 | 001,915,496 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
    PRC - [2010/02/25 00:33:21 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2010/02/15 22:15:25 | 000,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Anti-Dialer\a2service.exe
    PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009/12/24 18:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
    PRC - [2009/12/24 18:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
    PRC - [2009/09/09 15:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2008/12/18 00:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/29 12:29:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/04/02 09:50:28 | 000,655,640 | ---- | M] (Uniblue) -- C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
    PRC - [2008/03/17 12:59:04 | 002,503,976 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
    PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/04/08 17:47:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
    MOD - [2010/02/26 08:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
    MOD - [2010/02/23 20:06:39 | 000,211,288 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Anti-Malware\a2hooks32.dll
    MOD - [2010/01/01 23:38:20 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
    MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
    MOD - [2008/11/26 21:35:06 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
    MOD - [2008/08/27 20:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
    MOD - [2008/01/20 19:51:41 | 002,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
    MOD - [2008/01/20 19:50:46 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
    MOD - [2008/01/20 19:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
    MOD - [2006/11/02 01:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV:64bit: - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV:64bit: - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV:64bit: - [2009/07/02 19:42:36 | 000,017,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2008/01/20 19:52:05 | 000,521,216 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/10/18 08:37:22 | 000,412,672 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV - [2010/03/01 17:58:40 | 001,915,496 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2010/02/15 22:15:25 | 000,425,080 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Anti-Dialer\a2service.exe -- (a2AntiDialer)
    SRV - [2009/12/24 18:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2008/12/18 00:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/07/27 11:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2008/05/06 17:49:34 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    [2009/03/30 13:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Extensions
    [2009/03/30 13:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Firefox\Profiles\e5uatadm.default\extensions
    [2009/03/30 13:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/04/09 17:37:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [a-squared Anti-Dialer] C:\Program Files (x86)\a-squared Anti-Dialer\a2adguard.exe (a-squared)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy 7\SpybotSD.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
    O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files (x86)\TM\blackjack\HijackThis.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
    O4 - HKLM..\RunOnce: [OTL] C:\Users\Larry\Desktop\OTL.exe (OldTimer Tools)
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
    O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: aol.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: aol.com ([my.screenname] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([.update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([social.answers] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: thesaurus.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsbbs.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsbbs.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] https in Trusted sites)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/02 01:41:47 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/03/02 01:41:47 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/04/05 18:37:22 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]
    O32 - AutoRun File - [2010/04/05 18:37:22 | 000,000,126 | ---- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (Partizan) - C:\Windows\SysWow64\Partizan.exe (Greatis Software)
    O34 - HKLM BootExecute: (ootExecute settings...) - File not found
    O34 - HKLM BootExecute: (ount) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/09 17:35:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/09 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Local\Threat Expert
    [2010/04/09 16:29:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\TFC.exe
    [2010/04/09 02:32:05 | 007,184,528 | ---- | C] (IObit ) -- C:\Users\Larry\Desktop\advanced system care-setup.exe
    [2010/04/09 01:45:28 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010/04/09 01:45:27 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010/04/09 01:45:27 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010/04/09 01:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/04/09 01:41:37 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\PC Tools
    [2010/04/09 01:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/04/09 01:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2010/04/09 01:40:46 | 036,590,872 | ---- | C] (PC Tools ) -- C:\Users\Larry\Desktop\4 8 10 sdsetup.exe
    [2010/04/08 17:47:40 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
    [2010/04/08 01:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/08 01:00:17 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Larry\Desktop\mbam-setup-1.45.exe
    [2010/04/07 23:41:51 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
    [2010/04/07 23:41:01 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Larry\Desktop\HijackThisInstaller.exe
    [2010/04/07 20:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2010/04/06 16:11:40 | 000,472,064 | ---- | C] ( ) -- C:\Users\Larry\Desktop\RootRepeal.exe
    [2010/04/05 14:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%windr%
    [2010/03/28 19:13:54 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Local\ElevatedDiagnostics
    [2010/03/28 17:31:02 | 001,936,640 | ---- | C] (ParetoLogic Inc.) -- C:\Users\Larry\Desktop\RegCureSetup_RW.exe
    [2010/03/28 16:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2010/03/28 15:50:26 | 000,000,000 | ---D | C] -- C:\MGtools
    [2010/03/28 05:48:48 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\BURN TO DISK
    [2010/03/28 04:57:17 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Local\Adobe
    [2010/03/28 03:43:39 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Ebay wrong email
    [2009/04/06 17:35:34 | 000,580,448 | ---- | C] (Neuber GmbH) -- C:\Users\Larry\TaskMan.exe
    [2007/03/05 17:42:06 | 000,048,768 | ---- | C] (Neuber GmbH - www.neuber.com) -- C:\Users\Larry\SpyProDll.dll
    [2007/03/05 17:41:54 | 000,107,616 | ---- | C] (Neuber GmbH) -- C:\Users\Larry\Setup.exe
    [2007/03/05 17:41:42 | 000,070,240 | ---- | C] (Neuber GmbH) -- C:\Users\Larry\uninstal.exe
    [2007/03/05 17:39:18 | 000,114,248 | ---- | C] (Neuber Software GmbH - www.neuber.com) -- C:\Users\Larry\SpyProtector.exe
    [2007/03/05 17:16:04 | 000,048,768 | ---- | C] (Neuber GmbH - www.neuber.com) -- C:\Users\Larry\ascode.dll
    [2006/12/15 16:25:44 | 000,023,952 | ---- | C] (Microsoft Corporation) -- C:\Users\Larry\psapi_.dll
    [10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/04/09 18:02:05 | 007,602,176 | -HS- | M] () -- C:\Users\Larry\ntuser.dat
    [2010/04/09 17:45:19 | 000,696,576 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/04/09 17:45:19 | 000,598,704 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/04/09 17:45:19 | 000,102,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/04/09 17:39:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/04/09 17:39:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/04/09 17:39:23 | 4157,792,256 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/09 17:37:46 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/09 17:37:46 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
    [2010/04/09 17:37:31 | 002,240,687 | -H-- | M] () -- C:\Users\Larry\AppData\Local\IconCache.db
    [2010/04/09 17:37:19 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/04/09 16:38:34 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
    [2010/04/09 16:29:18 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\TFC.exe
    [2010/04/09 14:48:32 | 000,001,515 | ---- | M] () -- C:\Users\Larry\Desktop\HijackThis (2).lnk
    [2010/04/09 02:32:35 | 007,184,528 | ---- | M] (IObit ) -- C:\Users\Larry\Desktop\advanced system care-setup.exe
    [2010/04/09 01:41:42 | 000,001,717 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010/04/09 01:40:59 | 036,590,872 | ---- | M] (PC Tools ) -- C:\Users\Larry\Desktop\4 8 10 sdsetup.exe
    [2010/04/08 20:36:59 | 000,000,029 | ---- | M] () -- C:\Windows\SysNative\attr.dat
    [2010/04/08 17:47:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
    [2010/04/08 17:16:50 | 000,074,368 | ---- | M] () -- C:\Users\Larry\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/04/08 17:16:36 | 000,001,356 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
    [2010/04/08 17:16:30 | 000,307,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/04/08 17:07:24 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
    [2010/04/08 16:13:05 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLarry.job
    [2010/04/08 14:26:10 | 000,021,143 | ---- | M] () -- C:\Users\Larry\Desktop\t288361[1].htm
    [2010/04/08 03:41:53 | 000,000,007 | ---- | M] () -- C:\Users\Larry\Desktop\New Rich Text Format.rtf
    [2010/04/08 03:32:08 | 000,002,553 | ---- | M] () -- C:\Users\Larry\Desktop\2.0.3.lnk
    [2010/04/08 02:29:08 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/08 02:27:58 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Larry\Desktop\mbam-setup-1.45.exe
    [2010/04/07 23:46:32 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
    [2010/04/07 23:46:32 | 000,001,497 | ---- | M] () -- C:\Users\Larry\Desktop\HijackThis.lnk
    [2010/04/07 23:41:10 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Larry\Desktop\HijackThisInstaller.exe
    [2010/04/07 23:34:03 | 000,293,376 | ---- | M] () -- C:\Users\Larry\Desktop\4 7 10 xt7y8865.exe
    [2010/04/07 23:24:10 | 000,028,772 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
    [2010/04/07 23:24:10 | 000,005,120 | ---- | M] () -- C:\Users\Larry\Documents\yougotit.wps
    [2010/04/07 17:33:25 | 000,000,209 | ---- | M] () -- C:\Users\Larry\Desktop\CD Drive - Shortcut.lnk
    [2010/04/07 17:30:29 | 000,000,413 | ---- | M] () -- C:\Users\Larry\Desktop\[Active] Virus cripples CPU and redirects Ebay Login to phishing site - Page 2.url
    [2010/04/07 01:00:32 | 000,008,704 | ---- | M] () -- C:\Users\Larry\Desktop\TRANS UNION.wps
    [2010/04/06 16:11:49 | 000,472,064 | ---- | M] ( ) -- C:\Users\Larry\Desktop\RootRepeal.exe
    [2010/04/05 22:54:49 | 000,017,408 | ---- | M] () -- C:\Users\Larry\Documents\massage oils INDIA order.xlr
    [2010/04/05 22:53:29 | 000,034,816 | ---- | M] () -- C:\Users\Larry\Documents\oils from india ORDER.xlr
    [2010/04/05 17:56:48 | 000,022,528 | ---- | M] () -- C:\Users\Larry\Desktop\Kimbler3.doc
    [2010/04/05 17:56:48 | 000,022,528 | ---- | M] () -- C:\Users\Larry\Desktop\Kimbler3 - Copy.doc
    [2010/04/01 22:23:10 | 000,000,732 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
    [2010/04/01 22:09:20 | 000,009,216 | ---- | M] () -- C:\Users\Larry\Documents\OPEN PROXY .wps
    [2010/04/01 14:52:41 | 000,087,775 | ---- | M] () -- C:\Users\Larry\Desktop\MEXICO enhanced_dl_fs.pdf
    [2010/04/01 14:01:33 | 000,001,368 | ---- | M] () -- C:\Users\Larry\Desktop\AOL bookmarks.html
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:56 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/29 21:39:00 | 000,506,811 | ---- | M] () -- C:\Users\Larry\Documents\bookmark.htm
    [2010/03/29 02:38:12 | 000,020,992 | ---- | M] () -- C:\Users\Larry\Desktop\Kimbler Resume 3pg.wps
    [2010/03/28 21:41:55 | 000,022,528 | ---- | M] () -- C:\Users\Larry\Desktop\Kimbler4.wps
    [2010/03/28 19:16:02 | 000,000,707 | ---- | M] () -- C:\Users\Larry\Desktop\Fix it - Microsoft ATS.lnk
    [2010/03/28 18:00:59 | 000,000,572 | ---- | M] () -- C:\Users\Larry\Desktop\ISeeYouXP.lnk
    [2010/03/28 17:31:13 | 001,936,640 | ---- | M] (ParetoLogic Inc.) -- C:\Users\Larry\Desktop\RegCureSetup_RW.exe
    [2010/03/28 15:56:34 | 000,169,068 | ---- | M] () -- C:\MGlogs.zip
    [2010/03/28 15:44:57 | 000,001,537 | ---- | M] () -- C:\Users\Larry\Desktop\Windows Explorer.lnk
    [2010/03/28 14:35:14 | 000,000,314 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
    [2010/03/27 18:04:15 | 000,000,134 | ---- | M] () -- C:\Users\Larry\Desktop\ADD REMOVE POGRAMS (2).lnk
    [2010/03/27 17:36:20 | 000,251,392 | ---- | M] () -- C:\Users\Larry\Desktop\blackjack_sfx.exe
    [2010/03/27 17:35:31 | 000,251,392 | ---- | M] () -- C:\Users\Larry\Desktop\hijackthis_sfx.exe
    [2010/03/27 17:15:02 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/03/27 15:16:54 | 000,000,240 | ---- | M] () -- C:\Users\Larry\Desktop\COMBO FIX, OTL.url
    [2010/03/27 14:52:51 | 000,000,230 | ---- | M] () -- C:\Users\Larry\Desktop\Control Panel (3).lnk
    [2010/03/27 14:16:10 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/03/27 14:13:03 | 000,002,059 | ---- | M] () -- C:\Users\Larry\Desktop\Spybot - Search & Destroy.lnk
    [2010/03/27 14:12:02 | 000,379,524 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100409-141422.backup
    [2010/03/27 01:25:32 | 000,000,196 | ---- | M] () -- C:\Users\Larry\Desktop\Erowid Experience Vaults Bupropion, Clonazepam & Zolpidem - For Anxiety and Smoking Cessation - 44333.url
    [10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/09 16:33:43 | 4157,792,256 | -HS- | C] () -- C:\hiberfil.sys
    [2010/04/09 14:49:16 | 000,009,055 | ---- | C] () -- C:\Program Files\4 9 10 hijackthis.log
    [2010/04/09 14:48:32 | 000,001,515 | ---- | C] () -- C:\Users\Larry\Desktop\HijackThis (2).lnk
    [2010/04/09 01:45:28 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010/04/09 01:45:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/04/09 01:45:28 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010/04/09 01:45:28 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010/04/09 01:45:28 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010/04/09 01:41:44 | 000,306,648 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.sys
    [2010/04/09 01:41:44 | 000,133,072 | ---- | C] () -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
    [2010/04/09 01:41:44 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
    [2010/04/09 01:41:43 | 000,230,904 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTCore64.sys
    [2010/04/09 01:41:43 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
    [2010/04/09 01:41:42 | 000,001,717 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010/04/09 01:41:41 | 000,092,896 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.sys
    [2010/04/09 01:41:41 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
    [2010/04/09 01:41:39 | 000,001,816 | ---- | C] () -- C:\Users\Larry\AppData\Local\dd_vcredistMSI0B61.txt
    [2010/04/09 01:41:38 | 000,014,620 | ---- | C] () -- C:\Users\Larry\AppData\Local\dd_vcredistUI0B61.txt
    [2010/04/09 01:41:38 | 000,001,824 | ---- | C] () -- C:\Users\Larry\AppData\Local\dd_vcredistMSI0B5E.txt
    [2010/04/09 01:41:37 | 000,014,636 | ---- | C] () -- C:\Users\Larry\AppData\Local\dd_vcredistUI0B5E.txt
    [2010/04/08 20:36:55 | 000,000,029 | ---- | C] () -- C:\Windows\SysNative\attr.dat
    [2010/04/08 14:26:10 | 000,021,143 | ---- | C] () -- C:\Users\Larry\Desktop\t288361[1].htm
    [2010/04/08 03:41:53 | 000,000,007 | ---- | C] () -- C:\Users\Larry\Desktop\New Rich Text Format.rtf
    [2010/04/08 01:01:45 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/07 23:42:35 | 000,008,140 | ---- | C] () -- C:\Program Files\4 7 10 hijackthis.log
    [2010/04/07 23:42:07 | 000,009,055 | ---- | C] () -- C:\Program Files\hijackthis.log
    [2010/04/07 23:33:57 | 000,293,376 | ---- | C] () -- C:\Users\Larry\Desktop\4 7 10 xt7y8865.exe
    [2010/04/07 23:24:10 | 000,005,120 | ---- | C] () -- C:\Users\Larry\Documents\yougotit.wps
    [2010/04/07 17:33:25 | 000,000,209 | ---- | C] () -- C:\Users\Larry\Desktop\CD Drive - Shortcut.lnk
    [2010/04/07 17:30:29 | 000,000,413 | ---- | C] () -- C:\Users\Larry\Desktop\[Active] Virus cripples CPU and redirects Ebay Login to phishing site - Page 2.url
    [2010/04/07 01:00:32 | 000,008,704 | ---- | C] () -- C:\Users\Larry\Desktop\TRANS UNION.wps
    [2010/04/05 22:54:49 | 000,017,408 | ---- | C] () -- C:\Users\Larry\Documents\massage oils INDIA order.xlr
    [2010/04/05 22:53:28 | 000,034,816 | ---- | C] () -- C:\Users\Larry\Documents\oils from india ORDER.xlr
    [2010/04/05 17:59:35 | 000,022,528 | ---- | C] () -- C:\Users\Larry\Desktop\Kimbler3 - Copy.doc
    [2010/04/05 17:56:48 | 000,022,528 | ---- | C] () -- C:\Users\Larry\Desktop\Kimbler3.doc
    [2010/04/01 22:09:20 | 000,009,216 | ---- | C] () -- C:\Users\Larry\Documents\OPEN PROXY .wps
    [2010/04/01 14:52:39 | 000,087,775 | ---- | C] () -- C:\Users\Larry\Desktop\MEXICO enhanced_dl_fs.pdf
    [2010/04/01 14:01:33 | 000,001,368 | ---- | C] () -- C:\Users\Larry\Desktop\AOL bookmarks.html
    [2010/03/29 21:34:15 | 000,506,811 | ---- | C] () -- C:\Users\Larry\Documents\bookmark.htm
    [2010/03/28 21:42:43 | 000,020,992 | ---- | C] () -- C:\Users\Larry\Desktop\Kimbler Resume 3pg.wps
    [2010/03/28 21:41:55 | 000,022,528 | ---- | C] () -- C:\Users\Larry\Desktop\Kimbler4.wps
    [2010/03/28 19:06:36 | 000,011,508 | ---- | C] () -- C:\Users\Larry\list of programs .txt
    [2010/03/28 15:50:28 | 000,169,068 | ---- | C] () -- C:\MGlogs.zip
    [2010/03/28 15:44:57 | 000,001,537 | ---- | C] () -- C:\Users\Larry\Desktop\Windows Explorer.lnk
    [2010/03/28 03:45:39 | 000,015,673 | ---- | C] () -- C:\Users\Larry\Ebay email chat.txt
    [2010/03/27 18:04:15 | 000,000,134 | ---- | C] () -- C:\Users\Larry\Desktop\ADD REMOVE POGRAMS (2).lnk
    [2010/03/27 17:36:16 | 000,251,392 | ---- | C] () -- C:\Users\Larry\Desktop\blackjack_sfx.exe
    [2010/03/27 17:35:26 | 000,251,392 | ---- | C] () -- C:\Users\Larry\Desktop\hijackthis_sfx.exe
    [2010/03/27 15:09:17 | 000,211,687 | ---- | C] () -- C:\Users\Larry\Desktop\3 14 10 I C U - Copy.jpg
    [2010/03/27 15:08:01 | 000,211,687 | ---- | C] () -- C:\Users\Larry\Desktop\3 27 10 I C U.jpg
    [2010/03/27 14:53:11 | 000,000,230 | ---- | C] () -- C:\Users\Larry\Documents\Control Panel (2).lnk
    [2010/03/27 14:52:51 | 000,000,230 | ---- | C] () -- C:\Users\Larry\Desktop\Control Panel (3).lnk
    [2010/03/27 14:43:42 | 000,128,307 | ---- | C] () -- C:\Users\Larry\Desktop\3 27 10 processes blackjack.jpg
    [2010/03/27 14:13:03 | 000,002,059 | ---- | C] () -- C:\Users\Larry\Desktop\Spybot - Search & Destroy.lnk
    [2010/03/27 01:25:32 | 000,000,196 | ---- | C] () -- C:\Users\Larry\Desktop\Erowid Experience Vaults Bupropion, Clonazepam & Zolpidem - For Anxiety and Smoking Cessation - 44333.url
    [2010/03/21 03:28:49 | 000,003,394 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
    [2010/03/03 20:29:05 | 000,488,668 | ---- | C] () -- C:\Users\Larry\microsoft log sent for diagnostics.cab
    [2010/02/25 02:50:53 | 000,000,691 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\GetValue.vbs
    [2010/02/25 02:50:53 | 000,000,035 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\SetValue.bat
    [2010/02/24 02:58:28 | 000,000,120 | ---- | C] () -- C:\Users\Larry\is this a virus.txt
    [2010/02/06 08:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
    [2010/02/06 08:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
    [2010/02/06 08:31:35 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
    [2010/02/06 01:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
    [2010/01/18 18:00:29 | 000,001,055 | ---- | C] () -- C:\Users\Larry\Fast Blog Finder.lnk
    [2009/12/10 04:27:11 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2009/08/14 23:55:44 | 000,020,795 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\UserTile.png
    [2009/06/03 16:13:00 | 000,008,519 | ---- | C] () -- C:\Users\Larry\leggimi.txt
    [2009/06/02 16:00:00 | 000,019,676 | ---- | C] () -- C:\Users\Larry\lgs_italiano.txt
    [2009/06/02 16:00:00 | 000,001,788 | ---- | C] () -- C:\Users\Larry\ordina.txt
    [2009/04/13 18:52:15 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TMContainer00000000000000000002.regtrans-ms
    [2009/04/13 18:52:15 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TMContainer00000000000000000001.regtrans-ms
    [2009/04/13 18:52:15 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TM.blf
    [2009/04/06 17:34:00 | 000,018,496 | ---- | C] () -- C:\Users\Larry\lgs_english.txt
    [2009/04/05 00:53:38 | 000,000,732 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
    [2009/04/03 19:22:16 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{8471ebfa-20b1-11de-bf33-001c25e73a10}.TMContainer00000000000000000002.regtrans-ms
    [2009/04/03 19:22:16 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{8471ebfa-20b1-11de-bf33-001c25e73a10}.TMContainer00000000000000000001.regtrans-ms
    [2009/04/03 19:22:16 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{8471ebfa-20b1-11de-bf33-001c25e73a10}.TM.blf
    [2009/04/03 17:11:27 | 000,001,356 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
    [2009/02/19 15:50:52 | 000,019,647 | ---- | C] () -- C:\Users\Larry\lgs_deutsch.txt
    [2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
    [2008/12/31 16:04:25 | 000,003,584 | ---- | C] () -- C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/10 16:16:32 | 000,028,772 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
    [2008/10/30 17:21:36 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\Writer.ini
    [2008/10/27 11:08:56 | 000,012,968 | ---- | C] () -- C:\Users\Larry\lgs_chinese (Simplified).txt
    [2008/10/27 11:08:46 | 000,012,971 | ---- | C] () -- C:\Users\Larry\lgs_chinese (Traditional).txt
    [2008/10/26 20:39:50 | 000,003,127 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/10/26 14:54:34 | 007,602,176 | -HS- | C] () -- C:\Users\Larry\ntuser.dat
    [2008/10/26 14:54:34 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
    [2008/10/26 14:54:34 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2008/10/26 14:54:34 | 000,262,144 | -H-- | C] () -- C:\Users\Larry\ntuser.dat.LOG2
    [2008/10/26 14:54:34 | 000,262,144 | -H-- | C] () -- C:\Users\Larry\ntuser.dat.LOG1
    [2008/10/26 14:54:34 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2008/10/26 14:54:34 | 000,000,020 | -HS- | C] () -- C:\Users\Larry\ntuser.ini
    [2008/10/22 15:50:12 | 000,012,728 | ---- | C] () -- C:\Users\Larry\lgs_Arabic.txt
    [2008/09/26 09:30:58 | 000,016,155 | ---- | C] () -- C:\Users\Larry\lgs_spanish.txt
    [2008/09/01 10:54:54 | 000,015,251 | ---- | C] () -- C:\Users\Larry\lgs_slovak.txt
    [2008/06/02 16:59:14 | 000,016,445 | ---- | C] () -- C:\Users\Larry\lgs_hungarian.txt
    [2008/05/23 11:45:28 | 000,010,274 | ---- | C] () -- C:\Users\Larry\liesmich.txt
    [2008/05/23 11:45:02 | 000,007,654 | ---- | C] () -- C:\Users\Larry\readme.txt
    [2008/05/06 17:19:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2008/05/06 17:19:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2007/09/01 14:44:56 | 000,015,897 | ---- | C] () -- C:\Users\Larry\lgs_thai.txt
    [2007/04/11 12:17:50 | 000,008,591 | ---- | C] () -- C:\Users\Larry\LisezMoi.txt
    [2007/04/02 12:12:30 | 000,014,500 | ---- | C] () -- C:\Users\Larry\lgs_czech.txt
    [2007/02/08 12:04:42 | 000,014,975 | ---- | C] () -- C:\Users\Larry\lgs_norwegian.txt
    [2006/11/07 19:19:48 | 000,017,864 | ---- | C] () -- C:\Users\Larry\lgs_greek.txt
    [2006/10/16 11:59:20 | 000,000,365 | ---- | C] () -- C:\Users\Larry\file_id.diz
    [2006/04/04 15:18:52 | 000,015,243 | ---- | C] () -- C:\Users\Larry\lgs_portuguese (Brasil).txt
    [2006/03/21 12:43:20 | 000,015,039 | ---- | C] () -- C:\Users\Larry\lgs_bosnian.txt
    [2006/02/06 16:42:48 | 000,015,769 | ---- | C] () -- C:\Users\Larry\lgs_Español (latinoamérica).txt
    [2005/11/22 15:16:44 | 000,105,243 | ---- | C] () -- C:\Users\Larry\manual_en.pdf
    [2005/11/22 15:16:28 | 000,097,568 | ---- | C] () -- C:\Users\Larry\manual_de.pdf
    [2005/11/22 14:43:54 | 000,066,659 | ---- | C] () -- C:\Users\Larry\taskman_en.hlp
    [2005/11/22 14:43:42 | 000,064,697 | ---- | C] () -- C:\Users\Larry\taskman_de.hlp
    [2005/11/22 13:04:54 | 000,024,452 | ---- | C] () -- C:\Users\Larry\pad_file.xml
    [2005/10/24 12:17:22 | 000,015,317 | ---- | C] () -- C:\Users\Larry\lgs_russian.txt
    [2005/07/25 17:19:06 | 000,016,810 | ---- | C] () -- C:\Users\Larry\lgs_french.txt
    [2005/07/12 17:57:44 | 000,015,239 | ---- | C] () -- C:\Users\Larry\lgs_romanian.txt
    [2005/06/27 15:51:28 | 000,015,094 | ---- | C] () -- C:\Users\Larry\lgs_dutch.txt
    [2005/06/27 12:15:08 | 000,013,051 | ---- | C] () -- C:\Users\Larry\lgs_korean.txt
    [2005/06/22 11:44:42 | 000,001,319 | ---- | C] () -- C:\Users\Larry\taskman_de.cnt
    [2005/06/22 11:42:16 | 000,001,266 | ---- | C] () -- C:\Users\Larry\taskman_en.cnt
    [2005/05/24 14:35:30 | 000,015,088 | ---- | C] () -- C:\Users\Larry\lgs_estonian.txt
    [2005/05/13 13:44:34 | 000,014,976 | ---- | C] () -- C:\Users\Larry\lgs_galician.txt
    [2005/05/13 13:44:24 | 000,015,905 | ---- | C] () -- C:\Users\Larry\lgs_macedonian.txt
    [2005/04/27 11:37:22 | 000,075,146 | ---- | C] () -- C:\Users\Larry\taskman_rus.hlp
    [2005/04/27 11:37:22 | 000,001,562 | ---- | C] () -- C:\Users\Larry\taskman_rus.cnt
    [2005/04/25 12:23:42 | 000,013,880 | ---- | C] () -- C:\Users\Larry\lgs_swedish.txt
    [2005/04/25 12:08:02 | 000,001,792 | ---- | C] () -- C:\Users\Larry\Formulaire.txt
    [2005/04/08 10:50:58 | 000,014,233 | ---- | C] () -- C:\Users\Larry\lgs_croatian.txt
    [2005/04/05 18:26:46 | 000,014,811 | ---- | C] () -- C:\Users\Larry\lgs_bulgarian.txt
    [2005/04/01 13:53:26 | 000,014,908 | ---- | C] () -- C:\Users\Larry\lgs_serbian.txt
    [2005/04/01 11:56:40 | 000,141,557 | ---- | C] () -- C:\Users\Larry\taskman_fr.hlp
    [2005/03/29 11:51:50 | 000,015,489 | ---- | C] () -- C:\Users\Larry\lgs_portuguese.txt
    [2005/03/24 16:02:24 | 000,014,488 | ---- | C] () -- C:\Users\Larry\lgs_faroese.txt
    [2005/03/01 14:46:54 | 000,015,272 | ---- | C] () -- C:\Users\Larry\lgs_albanian.txt
    [2004/12/06 12:50:52 | 000,013,606 | ---- | C] () -- C:\Users\Larry\lgs_slovenian.txt
    [2004/11/30 13:03:28 | 000,001,728 | ---- | C] () -- C:\Users\Larry\order.txt
    [2004/11/24 15:02:12 | 000,013,694 | ---- | C] () -- C:\Users\Larry\lgs_vietnam.txt
    [2004/11/03 14:58:46 | 000,012,451 | ---- | C] () -- C:\Users\Larry\lgs_ukrainian.txt
    [2004/11/03 14:44:14 | 000,013,003 | ---- | C] () -- C:\Users\Larry\lgs_latvian.txt
    [2004/10/21 11:35:18 | 000,015,109 | ---- | C] () -- C:\Users\Larry\lgs_indonesian.txt
    [2004/09/27 15:30:36 | 000,014,657 | ---- | C] () -- C:\Users\Larry\lgs_finnish.txt
    [2004/09/09 12:49:54 | 000,014,725 | ---- | C] () -- C:\Users\Larry\lgs_polish.txt
    [2004/09/07 16:09:46 | 000,014,263 | ---- | C] () -- C:\Users\Larry\lgs_norwegian_nynorsk.txt
    [2004/09/07 16:09:30 | 000,014,298 | ---- | C] () -- C:\Users\Larry\lgs_norwegian_bokmaal.txt
    [2004/08/06 11:42:52 | 000,014,320 | ---- | C] () -- C:\Users\Larry\lgs_danish.txt
    [2004/07/26 15:20:22 | 000,027,434 | ---- | C] () -- C:\Users\Larry\lgs_turkish.txt
    [2004/04/16 11:59:38 | 000,014,902 | ---- | C] () -- C:\Users\Larry\lgs_catalan.txt
    [2003/12/15 12:09:08 | 000,144,264 | ---- | C] () -- C:\Users\Larry\manual_fr.pdf
    [2003/12/15 12:09:08 | 000,001,613 | ---- | C] () -- C:\Users\Larry\taskman_fr.cnt
    [2003/10/21 16:00:54 | 000,001,434 | ---- | C] () -- C:\Users\Larry\bestell.txt

    ========== LOP Check ==========

    [2010/02/04 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/18 18:00:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\G-Lock Software
    [2010/03/20 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
    [2010/03/15 01:33:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\IObit
    [2009/08/14 23:55:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PeerNetworking
    [2009/06/19 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
    [2008/11/10 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
    [2010/01/17 22:13:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Uniblue
    [2010/03/16 01:30:22 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
    [2010/01/26 23:23:46 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
    [2010/03/07 01:11:21 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2010/04/09 17:37:35 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/04/09 16:38:34 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 843 bytes -> C:\Users\Larry\Documents\We Need Review Writers a-s-a-p (Palm Springs).eml:OECustomProperty
    @Alternate Data Stream - 708 bytes -> C:\Users\Larry\Documents\Can you help me__.eml:OECustomProperty
    @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    < End of report >
     
  5. 2010/04/09
    broni

    broni Moderator Malware Analyst

    The log looks clean to me.
    How is your computer doing?
     
  6. 2010/04/09
    massageps

    massageps Inactive Thread Starter

    Hi Broni,
    Here is the scan that was in notepad:

    Malwarebytes Full Scan:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18882

    4/7/2010 22:18:17
    mbam-log-2010-04-07 (22-18-17).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 266513
    Time elapsed: 1 hour(s), 21 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ----------------------------------------
    GMER
    I followed your directions. There was a small box that came up & said GMER didn't find any system modifications. I clicked the "ok" to close. (I did click on the save button but the head caption to save it was System32. I clicked save but nothing was there.)

    ----------------------------------------
    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:46:46, on 4/7/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Larry\Desktop\4 7 10 xt7y8865.exe
    C:\Program Files\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ÿþ1
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe "
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy 7\SpybotSD.exe" /autocheck /autofix /autoclose
    O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files (x86)\a-squared Anti-Dialer\a2adguard.exe" /d=60
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files (x86)\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files (x86)\UnHackMeB\hackmon.exe
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\TM\blackjack\HijackThis.exe /startupscan
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
    O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Dialer\a2service.exe
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: DFS Replication (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8139 bytes

    ----------------------------------------
     
  7. 2010/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    These are old logs. I don't need them.
    I'd like to know how your computer is doing.
     
  8. 2010/04/09
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    Still no windows update, sound, printing

    Broni,
    I still can't use Windows backup, have no printing, sound, control panel is empty. The PC >sounds< like it is constantly downloading/reading info; CPUsave was at 53% (is that normal?). In the registry under "keyboard" it had WindowsMediaPlayer.exe (is that normal also?). Several places within the registry under properties I could not open (access denied?). It seems I remember reading media state: disconnected. I'm so stupid at these things. Recently I went to an attorney's web site for info and they said I was denied because I was running 2 IPs and that one was a blacklisted open proxy and was denied access until I only had one IP address (?). The constant sound the PC is making doesn't seem normal to me. You are the expert, but is there any way that we can be sure by checking the things in task manager, or registry? This PC is >constantly< reading or doing something. When I checked the CPU icon on the lower right it said 53% (now it is gone).

    Anyway, if you say it's clean, I'm sure it's clean.
     
  9. 2010/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We'll surely keep checking to make sure your issues are not malware related.
    I just wanted some kind of update from you about your computer behavior.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web CureIt.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


    Post fresh HijackThis log as well.
     
  10. 2010/04/09
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    Can't seem to download that... comes up with a window that says "done".
    In the upper left corner it says in WWW area "about:blank".

    I believe I might have a log I ran a few days ago... waiting your direction.
     
  11. 2010/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  12. 2010/04/09
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    Am downloading from MajorGeeks now... found this info also while looking around my PC. I have a screen shot but can't heal or fix it unless purchase of Spyware Doctor (am downloading & will send you results of scan).


    http://www.threatexpert.com/reports.aspx?find=Trojan-Downloader.Delf

    Trojan-Downloader.Delf will contact a remote server to download additional malware onto a user's computer without their knowledge.
    Type: TT_Downloader

    Spyware.Known_Bad_Sites (3)
    Threat Level: High

    Description: Indicates that a known bad site may have hijacked. Adware, Spyware and Phishing sites may use the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site such as your Bank.
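
The hosts-file redirection that the quoted description refers to can be checked by classifying each hosts entry. This is an added example, not part of the original post or of any tool named in the thread; the function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file normally maps to loopback (assumed baseline).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text):
    """Classify hosts entries as 'local', 'blocked', 'redirect' or 'malformed'.

    Returns a list of (line_number, verdict, address, hostname) tuples.
    """
    findings = []
    text = text.lstrip("\ufeff")                   # tolerate a UTF-8 BOM
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()       # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], ""))
            continue
        if len(fields) < 2:                        # address with no hostname
            findings.append((lineno, "malformed", fields[0], ""))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if sink and name in LOCAL_NAMES:
                verdict = "local"                  # normal loopback entry
            elif sink:
                verdict = "blocked"                # blocklist-style null route
            else:
                verdict = "redirect"               # name pinned to a real address
            findings.append((lineno, verdict, str(addr), name))
    return findings

def redirects(text):
    """Entries that send a hostname to a non-loopback address; review each one."""
    return [f for f in audit_hosts(text) if f[1] == "redirect"]

# Constructed sample, not taken from the machine discussed in this thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example   # blocklist entry
0.0.0.0         bad.example
203.0.113.45    www.bank.example bank.example
not-an-ip       update.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "redirect" verdict is a prompt for review rather than proof of tampering, since legitimate intranet entries look the same. On Windows the file is `%SystemRoot%\System32\drivers\etc\hosts`, and reading it may require an elevated prompt.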
     
  13. 2010/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't do anything else, but only what I tell you to do.
    Your info is unclear:
    You found what and where?
     
  14. 2010/04/10
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    I'm sorry B; The Dr Curit scan on the "short" scan ran about an hour; the second scan ran for 2 hours and stopped, disconnected from the internet :( Spydoctor found trojan downloader delf and some other stuff. I have uploaded that screen shot so you can see it there but didn't know how to get it to you here. Sorry so stupid. I am so utterly exhausted; I went to sleep at 6 am this morning; have run every scan in the malware world; I disconnected the power cord last night in hopes that I could get a new IP and it would shut up; I don't know what the **** I am doing anymore. I tried to >manually< take this trojan off through the registry and the registry comes up with nothing. I tried to open up my "kill" programs, no go, tried to rename them, can't do it; tried to alter permissions, inherited ****, I can't change anything on this PC.
    I'm so sorry to be so angry, I just think these people are absolutely crooks; forget the months that I have been working on this, I just want it to shut up.
    aleta



    http://www.uploadmb.com/dw.php?id=1270957236

    Screen Shot trojan.jpg.wps
     
  15. 2010/04/11
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    FYI PS: Tried to run a HijackThis log and was denied access to the host file.
     
  16. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You need to right click on HJT and run it as administrator.
     
  17. 2010/04/11
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    B, Here is Dr. Curit's log: Can you tell me B which one of the below do I send to you or do I send them all (just so I know) I also have a log that looks interesting called MGtools (are you familiar with that; I downloaded that at Major Geeks when I was reading about finding stuff on your pc; just thought I'd mention it cuz I thought I read something about proxy on there) Just FYI. >following directions here<

    http://www.uploadmb.com/dw.php?id=1270963243

    CureIt.log
     
  18. 2010/04/11
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    that worked =)

    I have it if you ever need it.
     
  19. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I just downloaded your Dr.Web log. Hold on...
     
  20. 2010/04/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Dr. Web log is clean as well.

    Telling the truth, not much was found from the very beginning, so I don't believe we're dealing here with an infection.

    Let's try one more scan....

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  21. 2010/04/11
    massageps

    massageps Inactive Thread Starter

    Joined:
    2010/04/07
    Messages:
    31
    Likes Received:
    0
    "accept" is grayed out on Kaspersky

    2. Go to Kaspersky website and perform an online antivirus scan.


    Downloaded Java; trying to run Kaspersky but the "accept" button is grayed out or not available. Sent an email to them asking if it was me or what.

    Suggestions?

    Will continue on with your directions.

    You did see the screen shot that I sent you that says I have Trojan Downloader Delf that contacts remote servers?

    Bye now.
     