PC slowdown

[nondaj]

Dell XPS400 Dimension                     
   XP-Pro    Version 2002  SP2             
   Pentiumｮ D 2.80  GHz                               
         2.79 GHz, 2.00 GB of Ram

Within last 3-4 days my PC has apparently suddenly begin to slow down until now it is almost impossible to work with it especially online.  Downloads which before used to take seconds to minutes now state they will take 1-2 hours.  Pictures seem to be the worst offender re downloads either online or in emails.

One recipent's emails are going to the deleted file rather than the inbox.

Have a variety of protection programs but both they and my anti-virus come up with no unusual infections.  Have defragged and scanned disc the PC again with no results re the problems I am having.

Can anyone suggest what might be wrong or what I might do to correct the problems?

Am using Obit Pro, Reg Scrub, CCleaner,  Spy Hunter, Windows Defender and Windows Malicious Tool Remover all of which were recommended at one time by a PC tech.  My anti-virus is ESET NOD32.  I continually update all programs in attempt to avoid problems such that am having now.

So what am I doing wrong here?

[CBMatt]

Please start here: http://www.computerhope.com/forum/index.php/topic,46313.0.html

[nondaj]

Have followed the directions clear down to Hi-Jack this but am stuck here.  I downloaded Hi-Jack and renamed it to JHT but there is no 'install' button; when I double click on HJT file, it merely opens to programs with which to open the download.  What have I missed or done in error?

[CBMatt]

It sounds like you may have removed the file extension when renaming it.  Try downloading HijackThis again, but this time, don't rename it.  Does it work now?

[nondaj]

OK will try again and let you know how I do.  Thanks for hanging in with me.

[nondaj]

Following is my Hi-Jack log.  Could not follow your instructions quite to the letter but was able to still get this Hi-Jack log so hope it is OK. 



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:14 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.collegeofthedesert.edu/SiteCollectionImages/TitleGraphic.jpg
O24 - Desktop Component 1: (no name) - https://www.verizon.net/central/resources/images/email/emailheader.jpg

--
End of file - 5541 bytes

[CBMatt]

Remove this entry with HijackThis:

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Simply place a check next to it and click on Fix Checked.

Other than that, not much is showing up in your log.  Why were you unable to do the other steps?  Could you not download the programs?  Did you receive any errors?

[nondaj]

No I was able to download everything.  There were just some directions that you gave that I could not find the steps to follow through exactly.  However, continuing on with what I was seeing on my screen I think I arrived at the place where I was supposed to be re your directions.

This might be an example.  When I did the log, there were two screens that opened: the log I sent you and the other would have been the 'fix it' screen where I could put a check mark and click on fix it.  However, there was no place on this screen to save it, no toolbar at all so when I logged off for the night, it of course disappeared.


Not sure whether to go through process again of developing a log to bring this screen back up again in order to delete the 'string' you indicated. Or is there another way to delete same the string?

My PC continues to malfunction and is getting no better.  Does this then mean, if nothing else is found, that I may be having software conflicts?

Some time ago a tech put SpyHunter on my PC - I did not opt for it so do not know anything about it.  It has now 'gone down', will not function when I try to use it.  Wondering if I can safely let windows delete this program to see if it will help my problems.

I have a couple of entries on the ADD\Remove listing that will not delete. 

Error messages are Setup.Ex has encountered a problem and must close - this for a program called Google Earth.

And Logitech Desk Messenger has an error message but it goes by so fast unable to read it; the listing just will not delete.

Found both in the registry but as a novice, hesitate to do anything there!  Not sure any of these has anything to do with my PC troubles right now.

I always let windows delete any software program unless the program itself has a deletion option.  There are some listings that I do not know anything about but would not dare to delete unless I had advice or knew more about them.

 What else can I do to resolve my PC problems or is there something I have missed along the way in your efforts to help me?

Again all the downloads went well but these problems persist:

1 - very very slow downloads particularly if pictures are involved

2 - emails are especially slow to download so that I have advised email correspondents to cease embedding pictures in emails as they seem to stop up the downloads completely.  Attachments do not seem to be an issue.

3 - one correspondent's emails go to my deleted box instead of the inbox (am using Outlook Express by the way) so have to continually be aware of this.  This person lives in England and is on AOL.

4 - moving about on the internet is so frustrating that I frequently have to give up attaining some sites.

5 - cannot see some sites because IE browser refuses to recognize that I have Flash Player 10 installed.  Some of these sites are crucial to my work on the PC so need to resolve this issue eventally.

Do appreciate your efforts thus far and willing to wait and work if such needs to be done to resolve any of my problems.

[CBMatt]

You've certainly got a lot of issues.  I don't know if they're all virus-related, but we'll try to find out.  For starters...to remove the bold entry I posted above, simply open HijackThis and click on the option that says something along the lines of Scan without saving a log.  It will bring up a list of entries.  Simply scroll down to the R3 section, place a checkmark next to the entry above, and click on Fix Checked.

Once you have done that, try to follow the instructions below...
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.  Also, keep in mind that the ComboFix log probably won't fit into one post, so you may have to break it up into sections.

[nondaj]

OK - got down to the link that was to bring up list of protection programs to disable but could not find any list.

All I could find on the screen that came up was ads for spyware removal programs.  So where did I miss the boat?

[CBMatt]

Take a look at the image I have attached below.  Is that not the page you see?  If it is, you are supposed to look for your anti-virus in the list (use Ctrl+F if you have trouble) and it will explain how to disable it.  If that's not the page you see, then you may have a browser hijacker.  If that's the case...are you able to download ComboFix?  If not, let me know.  But if you can, go ahead and download it.  You are using ESET, correct?  You should be able to simply right-click the icon near the bottom-right of your screen, and choose Quit.  When asked if you want to quit, click Yes.  Then follow the rest of my previous instructions.

Give it a shot and let me know what your results are.

[attachment deleted by admin]

[nondaj]

Ah ha browser hi-jacker makes sense from what little I know re PCs because it is the internet and email where most of my problems lie.  No I do not see that screen you showed, yes I was able to download the Combo file and yes will turn off my ESET NOD32.  Keep you posted how I make out.

[nondaj]

New Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:03 AM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\G.H.O.S.T. Hunters\Images\stg_drm.ocx
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.collegeofthedesert.edu/SiteCollectionImages/TitleGraphic.jpg
O24 - Desktop Component 1: (no name) - https://www.verizon.net/central/resources/images/email/emailheader.jpg

--
End of file - 5443 bytes

[nondaj]

Combo log

ComboFix 09-01-07.01 - Jean 2009-01-08  9:06:08.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1409 [GMT -8:00]
Running from: c:\documents and settings\Jean\Desktop\ComboFix.exe
 * Created a new restore point
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jean\Application Data\inst.exe
C:\setup.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\msvrc20.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP


(((((((((((((((((((((((((   Files Created from 2008-12-08 to 2009-01-08  )))))))))))))))))))))))))))))))
.

2009-01-05 20:23 . 2009-01-05 20:23   <DIR>   d--------   c:\program files\Trend Micro
2009-01-04 20:37 . 2009-01-04 20:37   <DIR>   d--------   c:\program files\Java
2009-01-04 20:37 . 2009-01-04 20:37   410,984   --a------   c:\windows\system32\deploytk.dll
2009-01-04 20:37 . 2009-01-04 20:37   73,728   --a------   c:\windows\system32\javacpl.cpl
2009-01-04 18:03 . 2009-01-06 19:57   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-01-04 18:03 . 2009-01-04 18:03   <DIR>   d--------   c:\documents and settings\Jean\Application Data\SUPERAntiSpyware.com
2009-01-04 18:03 . 2009-01-04 18:03   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-01 22:26 . 2009-01-02 13:51   <DIR>   d--------   c:\program files\7-Zip
2009-01-01 15:02 . 2009-01-01 15:02   64,544   --a------   c:\documents and settings\MSSSerif96.fon
2009-01-01 15:02 . 2009-01-01 15:02   54,156   --ah-----   c:\windows\QTFont.qfn
2009-01-01 15:02 . 2009-01-01 15:02   1,409   --a------   c:\windows\QTFont.for
2009-01-01 14:45 . 2009-01-01 15:06   <DIR>   d--------   c:\program files\Common Files\Sonic Shared
2008-12-30 09:29 . 2008-10-07 12:33   201,157   --a------   c:\windows\system32\nvapps.nvb
2008-12-29 22:25 . 2008-12-29 22:28   <DIR>   d--------   c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-21 18:11 . 2009-01-07 19:01   <DIR>   d--------   c:\documents and settings\All Users\Lx_cats
2008-12-21 18:01 . 2008-12-21 18:01   <DIR>   d--------   C:\logs
2008-12-21 18:01 . 2008-02-18 20:14   360,448   --a------   c:\windows\system32\lxdxcoin.dll
2008-12-21 18:01 . 2008-02-06 02:24   60,996   --a------   c:\windows\system32\lxdxprpr.chm
2008-12-21 18:01 . 2008-02-27 16:15   40,960   --a------   c:\windows\system32\lxdxvs.dll
2008-12-21 18:00 . 2008-12-21 18:00   <DIR>   d--------   c:\program files\Lexmark Toolbar
2008-12-21 18:00 . 2008-02-27 16:11   782,336   --a------   c:\windows\system32\lxdxdrs.dll
2008-12-21 18:00 . 2001-08-17 22:36   87,040   --a------   c:\windows\system32\wiafbdrv.dll
2008-12-21 18:00 . 2001-08-17 22:36   87,040   --a--c---   c:\windows\system32\dllcache\wiafbdrv.dll
2008-12-21 18:00 . 2008-02-27 16:11   81,920   --a------   c:\windows\system32\lxdxcaps.dll
2008-12-21 18:00 . 2008-02-27 16:02   69,632   --a------   c:\windows\system32\lxdxcnv4.dll
2008-12-21 18:00 . 2006-12-06 09:19   44   --a------   c:\windows\system32\lxdxrwrd.ini
2008-12-21 17:59 . 2009-01-03 21:10   <DIR>   d--------   c:\program files\Lexmark 3600-4600 Series
2008-12-13 18:15 . 2008-12-13 18:21   22,016   --a------   C:\final grades.doc
2008-12-12 07:44 . 2008-10-03 02:15   247,326   -----c---   c:\windows\system32\dllcache\strmdll.dll

.
(((((((((((((

[nondaj]

rest of Combo log

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 04:50   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-01-05 02:02   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-01-03 23:05   ---------   d-----w   c:\program files\RegScrubXP
2009-01-02 23:18   ---------   d-----w   c:\program files\QuickTime
2009-01-02 22:15   ---------   d-----w   c:\documents and settings\Jean\Application Data\GoodSync
2009-01-02 21:57   ---------   d-----w   c:\documents and settings\All Users\Application Data\WinZip
2008-12-30 18:22   ---------   d-----w   c:\documents and settings\Jean\Application Data\MailWasherPro
2008-12-30 07:32   ---------   d-----w   c:\program files\CCleaner
2008-12-23 21:28   ---------   d-----w   c:\documents and settings\Jean\Application Data\UHS Reader
2008-12-08 16:58   ---------   d-----w   c:\program files\Google
2008-12-06 16:57   ---------   d-----w   c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-04 03:09   ---------   d-----w   c:\program files\Mulawa Dreaming
2008-12-01 22:19   ---------   d-----w   c:\program files\UHS
2008-11-28 23:08   ---------   d-----w   c:\documents and settings\Administrator\Application Data\MailWasherPro
2008-11-27 22:01   ---------   d-----w   c:\program files\SolSuite
2008-11-26 18:19   ---------   d-----w   c:\program files\Lighthouse Interactive
2008-11-25 17:33   94,157   ----a-w   C:\Uninstal.exe
2008-11-24 04:08   ---------   d-----w   c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-24 04:06   ---------   d-----w   c:\documents and settings\Administrator\Application Data\IObit
2008-11-20 03:57   ---------   d-----w   c:\program files\Sierra On-Line
2008-11-20 03:57   ---------   d-----w   c:\program files\Shirleetaire
2008-11-18 01:53   ---------   d-----w   c:\program files\Windows Media Connect 2
2008-11-18 01:53   ---------   d-----w   c:\program files\Verizon
2008-11-18 01:53   ---------   d-----w   c:\program files\TestGen
2008-11-18 01:53   ---------   d-----w   c:\program files\Barrow Hill
2008-11-18 01:53   ---------   d-----w   c:\program files\123 Free Puzzle
2008-11-18 01:53   ---------   d-----w   c:\documents and settings\Jean\Application Data\TestGen
2008-11-18 01:53   ---------   d-----w   c:\documents and settings\Jean\Application Data\SpinTop
2008-11-18 01:46   ---------   d-----w   c:\program files\IObit
2008-11-18 01:46   ---------   d-----w   c:\documents and settings\Jean\Application Data\IObit
2008-11-16 08:34   ---------   d-----w   c:\documents and settings\Jean\Application Data\SolSuite
2008-11-11 07:15   1,441,792   ----a-w   C:\jigsaws.exe
2008-11-08 18:37   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-11-04 02:04   8   -c--a-w   c:\documents and settings\Jean\Application Data\usb.dat.bin
2008-11-02 19:51   0   ----a-w   C:\mcs.dat
2007-11-27 06:26   47,360   -c--a-w   c:\documents and settings\Jean\Application Data\pcouffin.sys
2004-07-30 05:38   1,839,040   -c--a-w   c:\program files\VDMSound2[1].1.0.exe
2007-04-06 05:44   1,623,584   -csha-w   c:\windows\system32\drivers\fidbox.dat
2007-04-06 05:44   67,104   -csha-w   c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4