Malware keeps infecting my PC

By Paul881
Dec 27, 2011
Topic Status: Not open for further replies.
  1. Please find below the logs from my PC for Malwarebytes, GMER and DDS. For some reason, my PC keeps being reinfected, and as I am very particular about what sites I visit and what I d/load, I don't understand why I get so many Trojans?

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122701

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    27/12/2011 12:45:33
    mbam-log-2011-12-27 (12-45-33).txt

    Scan type: Quick scan
    Objects scanned: 198947
    Time elapsed: 18 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MainConcept (Trojan.Agent) -> Value: MainConcept -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\paul l. smith\local settings\temp\malremtool.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\paul l. smith\local settings\temp\174.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\paul l. smith\local settings\temp\p1kalmig2kb7fz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-12-27 13:16:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3500630A rev.3.AAF
    Running: ijg3mu5u.exe; Driver: C:\DOCUME~1\PAULL~1.SMI\LOCALS~1\Temp\pgdcypod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB6C4EBDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB6C4EA45]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6CA37A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\a0j2nw7m \Device\Scsi\a0j2nw7m1Port2Path0Target0Lun0 8A3621F8
    Device \Driver\a0j2nw7m \Device\Scsi\a0j2nw7m1 8A3621F8
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 8A6A31F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Fastfat \Fat 8A32C1F8

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:392] 89F262A0

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Paul L. Smith at 13:22:28 on 2011-12-27
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1381 [GMT 0:00]
    .
    AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\M-Audio\Axiom\AudioDevMon.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGYE.EXE
    C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: CmjBrowserHelperObject Object: {07a11d74-9d25-4fea-a833-8b0d76a5577a} - c:\program files\mindjet\mindmanager 7\Mm7InternetExplorer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [EPSON PX720WD Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigye.exe /fu "c:\windows\temp\E_S13E.tmp" /EF "HKCU"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - c:\program files\mindjet\mindmanager 7\Mm7InternetExplorer.dll
    Trusted Zone: line6.net
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198910439140
    DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxps://register.btinternet.com/templates/btwebcontrol028.cab
    DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    TCP: Interfaces\{C6420938-3115-4CE0-8437-D6D31209BF94} : NameServer = 192.168.2.1,192.168.2.2
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-9-25 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-9-25 195416]
    R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2007-9-28 30808]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-15 13496]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2007-9-23 11264]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-9-25 111320]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-25 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-8-23 314456]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-10-12 10872]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-19 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-19 67656]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-23 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-25 44768]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
    R2 AxiomAudioDevMon;Axiom Audio Device Monitor;c:\program files\m-audio\axiom\AudioDevMon.exe [2010-2-19 1632776]
    R2 Fileprot;Fileprot;c:\windows\system32\drivers\fileprot.sys [2007-10-22 32491]
    R2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [2010-1-23 14416]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2007-11-3 2688]
    S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-9-25 127192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-6 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-6 135664]
    S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2009-10-15 22232]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 MPD16USB;AKAIpro MPD16 Driver;c:\windows\system32\drivers\MPD16USB.sys [2007-9-22 21793]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-6-16 16472]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-6-16 11104]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-19 12872]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2007-11-3 184320]
    S3 YH;YH;c:\docume~1\paull~1.smi\locals~1\temp\YH.exe [2010-4-22 539520]
    S4 Scen_cl;Scen_cl; [x]
    .
    =============== Created Last 30 ================
    .
    2011-12-26 12:10:55 -------- d-----w- c:\program files\Regensoft
    2011-12-26 12:10:34 -------- d-----w- c:\program files\Red Kawa
    2011-12-18 02:38:37 -------- d-----w- c:\documents and settings\paul l. smith\application data\DDMSettings
    2011-12-15 19:47:51 -------- d-----w- c:\program files\iTunes
    .
    ==================== Find3M ====================
    .
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 22:10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 13:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 13:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 01:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2008-03-21 08:05:11 719174560 ----a-w- c:\program files\ADBEPPROCS3_ALP.exe
    2004-10-04 07:56:24 28676096 ----a-w- c:\program files\StylusRMX.dll
    .
    ============= FINISH: 13:24:01.09 ===============
  2. Bobbye


    Welcome back Paul. Before I go on, I'd like your assurance that you will stick with the thread. I was helping you in March, but you abandoned the thread.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Some reasons why you will continue to get malware:

    1. You're running the file sharing Vuze Remote Toolbar
    2. You have 4 outdated versions of Java on the system.
    3. Are you aware that you are running the AVG Antispyware? It's v7.5 and may be outdated.
    All of the above create vulnerabilities for the system.
    ===================================
    Additionally, the most likely scenario is that every time you reboot, the malware starts up again because it hasn't been completely removed. You have malware named "MALREMTOOL.EXE" which is Cloaked Malware. It's another of the many rogue programs out now.
    ==================================
    There is another log from DDS. It is named Attach.txt Please find it on the system and include it with the other logs in your next reply> do not zip it and paste it, not attach.
    ===================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ========================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
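As an added example (my own code, not from the thread or from any of the tools it mentions): a small Python triage of the DDS "SERVICES / DRIVERS" block in the first post, in the spirit of the helper's point that malware which survives a reboot is usually still registered somewhere. It flags entries whose image is missing or unverifiable, or whose image lives in a temp or profile folder, such as the YH service in the log. The sample lines are copied from the DDS log above; the SUSPICIOUS_DIRS list and my reading of DDS's [x] and [?] markers are assumptions.

```python
"""Triage of the DDS 'SERVICES / DRIVERS' block format seen in the thread."""
import re
from dataclasses import dataclass, field

# One DDS service/driver line:
#   "<R|S><start> <name>;<display name>;<image path> [<date size> | x | ?]"
# R = running, S = stopped; the digit is the Windows start type (0 boot .. 4 disabled).
DDS_SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$"
)

# Directories in which a properly installed service or driver image should not live
# (my own heuristic list, not something DDS itself reports).
SUSPICIOUS_DIRS = (
    "\\temp\\",
    "\\local settings\\temp\\",
    "\\locals~1\\temp\\",
    "\\application data\\",
    "\\appdata\\",
)


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    tag: str
    reasons: list = field(default_factory=list)


def parse_dds_service_line(line):
    """Parse one DDS service/driver line; returns None for lines of another shape."""
    m = DDS_SVC_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # DDS prints "\??\<registry path> --> <resolved path>" when the registry holds a
    # native-format path; keep the resolved side for the directory checks.
    if "-->" in path:
        path = path.split("-->", 1)[1].strip()
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        tag=m.group("tag").strip(),
    )


def triage(entry):
    """Attach human-readable reasons to an entry a reviewer should look at."""
    # My reading of the DDS markers: [x] = image file not found, [?] = size/date not obtainable.
    if entry.tag == "x":
        entry.reasons.append("image file missing ([x])")
    elif entry.tag == "?":
        entry.reasons.append("image could not be verified ([?])")
    if any(d in entry.path.lower() for d in SUSPICIOUS_DIRS):
        entry.reasons.append("image lives in a temp or profile directory")
    return entry


def triage_lines(lines):
    """Return {service name: [reasons]} for every line that raised at least one flag."""
    flagged = {}
    for line in lines:
        entry = parse_dds_service_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons:
            flagged[entry.name] = entry.reasons
    return flagged


# Sample input copied from the DDS log posted above (one clean entry, three worth a look).
SAMPLE_LINES = [
    r"R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-9-25 12112]",
    r"S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]",
    r"S3 YH;YH;c:\docume~1\paull~1.smi\locals~1\temp\YH.exe [2010-4-22 539520]",
    r"S4 Scen_cl;Scen_cl; [x]",
]

if __name__ == "__main__":
    for name, reasons in triage_lines(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flag is a reason to look, not a verdict: MBAMSwissArmy is Malwarebytes' own driver and is only marked unverifiable here.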
  3. Paul881


    According to the records of my posts, I didn't post anything in March this year. But I did ask a similar question in May which you answered - maybe that's the one you were thinking of?

    In answer to the points you include in your response:

    1. Shall I remove the Vuze Remote Toolbar? I never use it anyway.
    2. How do I remove the 4 outdated versions of Java on the system?
    3. I wasn't aware that I was running AVG Antispyware - I thought I had let that subscription lapse. I now subscribe to Avast Antivirus so what would you recommend me do with the AVG - shall I update and keep it? I assume it's not working in an active mode as its subscription has lapsed and can't be opened anymore?

    ===================================
    You ask for my DDS Attach log but it is not clear from your response if you want me to zip it, attach it or paste it?

    Once I run Combofix and CK Scanner I'll post those logs.

    Many thanks!

  4. Paul881


    ComboFix keeps freezing my PC.
    The first time I used CF it d/l'd M/soft Recovery Console and then froze. On reboot, CF didn't take me to the M/soft Recovery Console pages but went into scan, so I'm assuming that RC was installed?

    Next reboot, it got to stage 3 and then froze. On reboot, it got to Stage 5 and froze. Next time only to stage 3. I'm disabling Avast before opening CF.

    Shall I open CK Scanner?
  5. Bobbye


    On this thread, you asked:
    To which I replied:
    Those were meant to address your question.
    If you don't use the Vuze Toolbar, why haven't you uninstalled it?

    Regarding the multiple Java programs:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    Regarding Combofix:
    ===========================================
    My instructions for the other DDS log:
    Now you want to know:
    Attach.txt is the name of the log, not a direction. I think "don't zip and paste the log in" are clear enough.
    ========================================
    I find entries which to me appear either not fully installed/running or possibly user isn't aware it's on system. So I ask.
    If you're not using AVG antispyware, uninstall it. In earlier versions of AVG, the AV program and the antispyware program were separate. Beginning with v8, Grisoft combined the AV and the antispyware into one program. So if you had v7.5, it is not updating and therefore of no use.

    If you now have Avast AV on the system, keep it.
    =================================
    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.
    2. Delete Combofix file, download fresh one, but rename combofix.exe to friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    -------------------------------------
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 3 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately try to run the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Rkill instructions
    Once you've gotten one of them to run
    • immediately double click on friday.exe to run
    • If normal mode still doesn't work, run BOTH tools from safe mode.

    If you have done #2, please post BOTH logs, Rkill and Combofix.
    ================================
    Follow with CK Scanner.

    I hope I have clarified things for you. Best to read all instructions carefully. I would have handled the multiple Javas in time. Once you've run Combofix, I will write some script that will also remove any remaining entries from the programs discussed above.
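The Rkill and exeHelper step above exists to undo the hijacks that stop cleanup tools from starting: the .exe and .com file-type association, the Winlogon Userinit and Shell values, and the Task Manager policy (the exeHelper log posted later in this thread lists exactly those resets). As an added example, not part of this thread and not exeHelper's or Rkill's own code, here is a Python triage that reads a `reg export` (.reg) text and compares those values with their Windows XP defaults, then prints the `reg add` lines that would restore them. The .reg excerpt is constructed for the walkthrough; `fakeav.exe` and `dropper.exe` in it are made-up names, not files from Paul's logs.

```python
import re

# Constructed "reg export" (.reg) excerpt for the walkthrough. It is NOT taken from
# the thread: the keys are the ones exeHelper resets, and fakeav.exe / dropper.exe
# are made-up names standing in for a hijacked .exe handler and Userinit entry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\fakeav.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\dropper.exe,"
"Shell"="Explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

# Known-good Windows XP values for the points exeHelper resets.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\comfile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Userinit"): r"C:\WINDOWS\system32\userinit.exe,",
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Shell"): "Explorer.exe",
}
POLICY_ZERO = ("DisableTaskMgr", "DisableRegistryTools")  # must be 0 or absent
ROOTS = {"HKEY_CLASSES_ROOT": "HKCR", "HKEY_LOCAL_MACHINE": "HKLM",
         "HKEY_CURRENT_USER": "HKCU"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s):
    # Undo .reg string escaping: a backslash before " or \ is dropped.
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text):
    """Return {key: {name: value}} with strings unescaped and dword: values as int."""
    tree, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            tree.setdefault(key, {})
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(2))
        raw = m.group(3)
        if raw.startswith('"') and raw.endswith('"'):
            value = _unescape(raw[1:-1])
        elif raw.startswith("dword:"):
            value = int(raw[6:], 16)
        else:
            value = raw
        tree[key][name] = value
    return tree


def check_hijacks(tree):
    """List (key, name, actual) for every value that differs from its XP default."""
    findings = []
    for (key, name), good in EXPECTED.items():
        actual = tree.get(key, {}).get(name)
        if actual is not None and str(actual).lower() != good.lower():
            findings.append((key, name, actual))
    for key, values in tree.items():
        if key.endswith(r"\Policies\System"):
            for name in POLICY_ZERO:
                if values.get(name, 0) != 0:
                    findings.append((key, name, values[name]))
    return findings


def repair_commands(findings):
    """reg.exe lines that restore each default: the manual form of exeHelper's resets."""
    cmds = []
    for key, name, _ in findings:
        root, _, path = key.partition("\\")
        short = ROOTS.get(root, root) + "\\" + path
        if name in POLICY_ZERO:
            cmds.append(f'reg add "{short}" /v {name} /t REG_DWORD /d 0 /f')
        else:
            escaped = EXPECTED[(key, name)].replace('"', '\\"')  # cmd-style \" inside /d
            target = "/ve" if name == "@" else f"/v {name}"
            cmds.append(f'reg add "{short}" {target} /t REG_SZ /d "{escaped}" /f')
    return cmds


if __name__ == "__main__":
    hits = check_hijacks(parse_reg(SAMPLE_REG))
    for key, name, actual in hits:
        print(f"HIJACKED {key} [{name}] = {actual!r}")
    print("\n".join(repair_commands(hits)))
```

Run on the constructed excerpt it reports three findings (the .exe handler, the extra Userinit entry, DisableTaskMgr=1) and leaves comfile and Shell alone. On a real machine you would feed it the output of `reg export` for those keys; the point of renaming Combofix and running Rkill first is that, while the exefile handler is hijacked, every .exe you double-click is launched through the malware, so the check has to be done before trusting any tool that was started the normal way.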
  6. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    I have d/l'd JavaRa and run it successfully as well as installing the latest Java and verifying it.

    Tomorrow I will complete your instructions regarding Combofix, Rkill and exeHelper. I have removed the Vuze Remote Toolbar and will also remove the AVG antispyware.

    This is the DDS Attach log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 21/09/2007 22:25:47
    System Uptime: 30/05/2011 07:58:53 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P4PE
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | PGA 478 | 2405/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 146 GiB total, 25.663 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 248 GiB total, 21.824 GiB free.
    G: is FIXED (NTFS) - 117 GiB total, 47.06 GiB free.
    H: is FIXED (NTFS) - 101 GiB total, 41.228 GiB free.
    I: is FIXED (NTFS) - 164 GiB total, 105.148 GiB free.
    J: is FIXED (NTFS) - 155 GiB total, 12.582 GiB free.
    K: is CDROM ()
    M: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP785: 01/03/2011 16:14:53 - System Checkpoint
    RP786: 02/03/2011 16:46:02 - System Checkpoint
    RP787: 03/03/2011 17:29:48 - System Checkpoint
    RP788: 04/03/2011 17:58:04 - System Checkpoint
    RP789: 05/03/2011 18:11:55 - System Checkpoint
    RP790: 06/03/2011 18:45:51 - System Checkpoint
    RP791: 07/03/2011 19:46:55 - System Checkpoint
    RP792: 08/03/2011 03:00:18 - Software Distribution Service 3.0
    RP793: 09/03/2011 03:45:50 - System Checkpoint
    RP794: 10/03/2011 03:00:22 - Software Distribution Service 3.0
    RP795: 11/03/2011 03:37:20 - System Checkpoint
    RP796: 11/03/2011 07:31:02 - Installed Java(TM) 6 Update 24
    RP797: 12/03/2011 08:10:05 - System Checkpoint
    RP798: 13/03/2011 08:24:23 - System Checkpoint
    RP799: 14/03/2011 10:01:40 - System Checkpoint
    RP800: 15/03/2011 10:58:23 - System Checkpoint
    RP801: 16/03/2011 03:00:18 - Software Distribution Service 3.0
    RP802: 17/03/2011 03:24:28 - System Checkpoint
    RP803: 18/03/2011 16:52:16 - System Checkpoint
    RP804: 19/03/2011 06:10:32 - Installed HD Writer AE 2.1
    RP805: 20/03/2011 06:57:05 - System Checkpoint
    RP806: 21/03/2011 07:58:53 - System Checkpoint
    RP807: 22/03/2011 08:58:09 - System Checkpoint
    RP808: 23/03/2011 09:57:04 - System Checkpoint
    RP809: 23/03/2011 18:26:58 - Software Distribution Service 3.0
    RP810: 24/03/2011 20:11:12 - System Checkpoint
    RP811: 07/04/2011 17:19:57 - System Checkpoint
    RP812: 08/04/2011 18:16:50 - System Checkpoint
    RP813: 09/04/2011 18:20:22 - System Checkpoint
    RP814: 10/04/2011 18:35:41 - System Checkpoint
    RP815: 11/04/2011 19:34:35 - System Checkpoint
    RP816: 12/04/2011 19:37:42 - System Checkpoint
    RP817: 13/04/2011 19:47:09 - System Checkpoint
    RP818: 14/04/2011 20:34:35 - System Checkpoint
    RP819: 15/04/2011 03:00:33 - Software Distribution Service 3.0
    RP820: 16/04/2011 03:34:35 - System Checkpoint
    RP821: 17/04/2011 04:07:18 - System Checkpoint
    RP822: 18/04/2011 05:07:14 - System Checkpoint
    RP823: 19/04/2011 06:07:13 - System Checkpoint
    RP824: 20/04/2011 09:16:38 - System Checkpoint
    RP825: 21/04/2011 03:00:26 - Software Distribution Service 3.0
    RP826: 22/04/2011 03:05:45 - System Checkpoint
    RP827: 22/04/2011 07:45:43 - Installed Google SketchUp 8
    RP828: 23/04/2011 07:53:22 - System Checkpoint
    RP829: 24/04/2011 08:08:38 - System Checkpoint
    RP830: 25/04/2011 08:52:15 - System Checkpoint
    RP831: 26/04/2011 10:47:56 - System Checkpoint
    RP832: 27/04/2011 12:12:05 - System Checkpoint
    RP833: 28/04/2011 03:00:18 - Software Distribution Service 3.0
    RP834: 29/04/2011 03:55:06 - System Checkpoint
    RP835: 30/04/2011 04:14:46 - System Checkpoint
    RP836: 01/05/2011 05:14:46 - System Checkpoint
    RP837: 02/05/2011 06:14:45 - System Checkpoint
    RP838: 03/05/2011 06:28:22 - System Checkpoint
    RP839: 04/05/2011 07:31:08 - System Checkpoint
    RP840: 05/05/2011 08:14:46 - System Checkpoint
    RP841: 06/05/2011 08:51:05 - System Checkpoint
    RP842: 07/05/2011 09:15:43 - System Checkpoint
    RP843: 08/05/2011 10:15:42 - System Checkpoint
    RP844: 09/05/2011 11:28:07 - System Checkpoint
    RP845: 10/05/2011 11:48:08 - System Checkpoint
    RP846: 11/05/2011 03:00:18 - Software Distribution Service 3.0
    RP847: 12/05/2011 03:00:33 - Software Distribution Service 3.0
    RP848: 13/05/2011 03:14:32 - System Checkpoint
    RP849: 14/05/2011 04:14:29 - System Checkpoint
    RP850: 15/05/2011 05:27:30 - System Checkpoint
    RP851: 16/05/2011 05:28:29 - System Checkpoint
    RP852: 17/05/2011 07:33:28 - System Checkpoint
    RP853: 18/05/2011 08:20:53 - System Checkpoint
    RP854: 19/05/2011 09:14:52 - System Checkpoint
    RP855: 20/05/2011 09:57:32 - System Checkpoint
    RP856: 21/05/2011 10:28:52 - System Checkpoint
    RP857: 22/05/2011 11:14:23 - System Checkpoint
    RP858: 23/05/2011 12:11:33 - System Checkpoint
    RP859: 24/05/2011 12:29:45 - System Checkpoint
    RP860: 25/05/2011 13:29:45 - System Checkpoint
    RP861: 26/05/2011 13:48:05 - System Checkpoint
    RP862: 27/05/2011 14:48:05 - System Checkpoint
    RP863: 28/05/2011 22:32:25 - System Checkpoint
    RP864: 29/05/2011 22:39:24 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    7-Zip 4.65
    ABBYY FineReader 9.0 Sprint
    AC3Filter 1.63b
    ACDSee 4.0.2 Standard
    Acrobat.com
    AD Sound Recorder 3.7.2
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Elements 6.0
    Adobe Premiere Pro CS3
    Adobe Reader X (10.0.1)
    Adobe Setup
    Advanced X Video Converter
    AltoMP3 Gold 5.20
    Amazing Sounds CDxtract v4.1.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft VideoImpression 1.6FP
    ASAPI Update
    Atmosphere
    avast! Antivirus
    AVFC TV
    AVG Anti-Spyware 7.5
    AviSynth 2.5
    BBC iPlayer Download Manager
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Software v4.5.0 for the BlackBerry 8310 smartphone
    BlindWrite5
    Bonjour
    Business Plan Pro 2007
    Cakewalk Rapture Expansion Pack 1
    Cakewalk Rapture Expansion Pack 2
    Cakewalk VST Adapter 4.4.4.0
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Camel Audio Cameleon 5000 v1.7 VSTi
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    CDex extraction audio
    ChordWizard Gold 2.0
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    ConvertXtoDVD 4.0.5.315
    Critical Update for Windows Media Player 11 (KB959772)
    Dimension Pro XP2
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    eMule
    Enigma
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Easy Photo Print
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Event Manager
    EPSON File Manager
    EPSON Image Clip Palette
    Epson Print CD
    EPSON PRINT Image Framer Tool
    EPSON Printer Software
    EPSON PX720WD Series Manual
    EPSON PX720WD Series Network Guide
    EPSON PX720WD Series Printer Uninstall
    EPSON Scan
    EPSON Scan Assistant
    EPSON Web-To-Page
    EpsonNet Print
    EpsonNet Setup 3.3
    ESPRX700 User's Guide
    Express Burn Disc Burning Software
    Extreme Sample Converter v3.1.3.1156
    ffdshow
    ffdshow [rev 1943] [2008-04-16]
    FileASSASSIN
    FinePixViewer Ver.4.2
    Free Create-Burn ISO Image v2.0
    Free M4a to MP3 Converter 6.1
    FUJIFILM USB Driver
    GForce - impOSCar
    Gogo MP3 To CD Burner
    Google Chrome
    Google Earth
    Google SketchUp 8
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPL Ghostscript 8.60
    GPL Ghostscript Fonts
    GSview 4.8
    H264 Codecs
    HD Writer AE 2.1
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImageMixer VCD2 for FinePix
    ImgBurn
    IsoBuster 2.8.5
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    JGoodies JDiskReport 1.3.1
    JGoodies JDiskReport 1.3.2
    K-Lite Mega Codec Pack 3.5.0
    Korg Kontrol Editor
    KORG Legacy Collection - DIGITAL EDITION
    KORG USB-MIDI Driver Tools for Windows
    Lexicon PSP 42 VST DX v1.0
    Line 6 Edit (remove only)
    Line 6 Uninstaller
    M-Audio Axiom Driver 1.1.1 (x86)
    Malwarebytes' Anti-Malware
    Maxtor OneTouch
    MediaCoder 0.6.2
    Melodyne 3.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 4.5
    Microsoft Works Setup Launcher
    MicroStaff WINASPI
    Mindjet MindManager Pro 7
    MixPad Audio Mixer
    MobileMe Control Panel
    MP3 CD Converter 4.10
    MSM32Installer
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Native Instruments Kontakt 4
    Nero OEM
    NewProduct 1.00
    Nikon Message Center
    NVIDIA Drivers
    Paragon Hard Disk Manager 8 Special Edition
    PDF-XChange 3.0
    PictureProject
    PIF DESIGNER
    Polar WebLink 2.4.11
    Portrait Professional Max 6.3
    Prism Video Converter
    Project5 Version 2
    Project5 Version 2.5
    Quicken 2004
    QuickTime
    Radio365 2.0
    Radio365 2.1
    RAW FILE CONVERTER LE
    ReCycle v2.1
    SafeCast Shared Components
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SensorsView Pro 3.2
    Show Traffic 1.7.0
    Sibelius Scorch (ActiveX Only)
    Skins
    SONAR 8.0 Producer Edition
    SONAR 8.5 Producer
    Songsmith
    SopCast 3.0.3
    SoundMAX
    SoundTaxi 3.1.1
    SpeedFan (remove only)
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Steam
    Steinberg WaveLab 5.01b
    Studio Instruments 1.0
    SUPERAntiSpyware Free Edition
    Switch Sound File Converter
    System Requirements Lab CYRI
    Toxic DEMO v2.1
    Trilogy
    Ultimate Business Plan Starter
    Uniblue RegistryBooster 2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URS Classic Console Strip Pro VST RTAS v1.0
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    VideoLAN VLC media player 0.8.6i
    Videora iPod Converter 3.08
    Villa Streams Player (remove only)
    Virsyn Tera VSTi RTAS v3.2.1
    VJOcx1.8
    Voxengo Lampthruster VST 2.3
    Voxengo Transmodder VST v1.1
    Voxengo Voxformer VST 1.6
    Voxengo Warmifier VST v1.4
    VSO CopyToDVD 4
    VstPlayer
    Vuze
    Vuze_Remote Toolbar
    WavePad Sound Editor
    Waves Diamond Bundle v5.2
    Waves IR 1
    Waves IR1 v5.0
    Waves IRx v5.2
    Waves L3 v5.2
    WebFldrs XP
    Winamp
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinFast(R) Display Driver
    WinPcap 4.1.1
    WinRAR archiver
    x264 Revision 534 x264.nl (remove only)
    x264 Revision 564 x264.nl (remove only)
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.1.3 final uninstall
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/05/2011 05:38:08, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    29/05/2011 05:36:30, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 f78be928, parameter3 f78be624, parameter4 b5a89762.
    25/05/2011 22:52:18, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort0.
    23/05/2011 17:25:53, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
    .
    ==== End Of File ===========================
    Thanks for all your help; it is much appreciated.
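The points Bobbye raised in the previous post (four old Java runtimes alongside Update 24, AVG Anti-Spyware 7.5 still installed next to avast!, the Vuze Remote toolbar) are what a reviewer pulls out of the Installed Programs section of an Attach.txt like the one above by eye. Added example, not part of the thread and not DDS's own code: a Python pass over an Attach.txt that does the same mechanically. The excerpt is a cut-down copy of the listing above in DDS's own layout; the watchlist categories and the choice to flag Event ID 7000 lines are my own assumptions.

```python
import re
from collections import defaultdict

# Cut-down copy of the "Installed Programs" and "Event Viewer" sections from the
# DDS Attach.txt above, kept in DDS's own layout so the parser sees real headers.
SAMPLE_DDS = """\
==== Installed Programs ======================
.
AVG Anti-Spyware 7.5
avast! Antivirus
Conduit Engine
eMule
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Vuze
Vuze_Remote Toolbar
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
29/05/2011 05:38:08, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^==== (.+?) =+$")
# "Java(TM) 6 Update 24" -> (6, 24); "J2SE Runtime Environment 5.0 Update 4" -> (5, 4)
JAVA_RE = re.compile(r"^(?:Java\(TM\)|J2SE Runtime Environment) (\d+)(?:\.\d+)? Update (\d+)$")

# Watchlist categories are my own choice, based on what the helper asked about:
# overlapping security products, toolbars/PUPs, and P2P clients.
WATCHLIST = {
    "security_overlap": ("avg anti-spyware", "avast!", "spybot", "superantispyware", "malwarebytes"),
    "toolbar_or_pup": ("toolbar", "conduit", "registrybooster"),
    "p2p": ("emule", "vuze"),
}


def parse_sections(text):
    """Split an Attach.txt into {section title: [lines]}, dropping DDS's '.' spacer lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current and line not in ("", "."):
            sections[current].append(line)
    return sections


def java_runtimes(programs):
    """[((major, update), name)] for every JRE entry, oldest first."""
    found = []
    for name in programs:
        m = JAVA_RE.match(name)
        if m:
            found.append(((int(m.group(1)), int(m.group(2))), name))
    return sorted(found)


def stale_java(programs):
    """Every JRE except the newest: what JavaRa's 'Remove Older Versions' takes out."""
    return [name for _, name in java_runtimes(programs)[:-1]]


def flag_programs(programs):
    hits = defaultdict(list)
    for name in programs:
        lower = name.lower()
        for category, needles in WATCHLIST.items():
            if any(n in lower for n in needles):
                hits[category].append(name)
    return dict(hits)


def triage(text):
    sections = parse_sections(text)
    programs = sections.get("Installed Programs", [])
    events = sections.get("Event Viewer Messages From Past Week", [])
    return {
        "stale_java": stale_java(programs),
        "flags": flag_programs(programs),
        # Event ID 7000 = a service failed to start; here it is SASDIFSV, SUPERAntiSpyware's driver.
        "service_start_failures": [e for e in events if "[7000]" in e],
    }


if __name__ == "__main__":
    for item, value in triage(SAMPLE_DDS).items():
        print(item, value)
```

Against the excerpt this reports the four JREs older than Update 24 as stale, groups AVG Anti-Spyware, avast!, Spybot and SUPERAntiSpyware as overlapping security products, flags the Conduit, Vuze Remote and Yahoo! toolbars, and lists eMule and Vuze as P2P clients. Old browser-plugin JREs are the usual answer to "I am careful about what I visit but keep getting trojans": a drive-by exploit for an outdated plugin needs no download and no click, so the first fix for reinfection is to remove every runtime except the current one, exactly as the JavaRa step does.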
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    You're welcome- glad to help.

    I know this can be confusing. But the author of the program has written it into the program which is why it displays. We tried to make it clear in the preliminary thread to ignore it:
    We added this to our instructions:
  8. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Yes, it is confusing plus the actual instruction in your original email reply wasn't easy to understand:

    ".....do not zip it and paste it, not attach."

    Hopefully I did what was required by pasting it?
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Sorry Paul- I don't know how much clearer that can be. If you have a suggestion, let me know.

    We'll continue after you've posted the Combofix log and I have reviewed it- so please post it when ready.
  10. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Please find the ComboFix, Rkill and exeHelper logs below. Please note that CF wouldn't run in Normal mode.

    exeHelper by Raktor
    Build 20100414
    Run at 15:27:28 on 12/29/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    ComboFix 11-12-29.04 - Paul L. Smith 29/12/2011 15:57:06.4.1 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1726 [GMT 0:00]
    Running from: f:\downloaded programs\ComboFix\Friday.exe
    AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle
    c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle\ReCycle210.dat
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Paul L. Smith\Application Data\ACD Systems\ACDSee\ImageDB.ddf
    c:\documents and settings\Paul L. Smith\Application Data\Propellerhead Software\ReCycle
    c:\documents and settings\Paul L. Smith\Application Data\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
    c:\documents and settings\Paul L. Smith\WINDOWS
    c:\windows\system32\CF15081.exe
    c:\windows\system32\FE05DA0D.dll
    c:\windows\system32\FE05EFED.dll
    c:\windows\system32\FE05F051.dll
    c:\windows\system32\FE05F17D.dll
    c:\windows\system32\FE05F3D5.dll
    c:\windows\system32\FE05F3D6.dll
    c:\windows\system32\FE05F3D7.dll
    c:\windows\system32\Nagasoft
    c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
    c:\windows\system32\Nagasoft\Codecs\atrc.dll
    c:\windows\system32\Nagasoft\Codecs\cook.dll
    c:\windows\system32\Nagasoft\Codecs\drvc.dll
    c:\windows\system32\Nagasoft\Codecs\raac.dll
    c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
    c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
    c:\windows\system32\Nagasoft\GifShower.dll
    c:\windows\system32\Nagasoft\Uninstall.exe
    c:\windows\system32\Nagasoft\vjocx.dll
    c:\windows\system32\SET1E.tmp
    c:\windows\system32\SET22.tmp
    c:\windows\system32\SET2A.tmp
    I:\install.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_vvdsvc
    -------\Legacy_vvdsvc
    -------\Service_vvdsvc
    -------\Service_vvdsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-29 15:29 . 2011-12-29 15:29 -------- d-----w- C:\Friday
    2011-12-28 05:20 . 2011-12-29 16:24 -------- d-----w- C:\## aswSnx private storage
    2011-12-26 12:10 . 2011-12-26 12:10 -------- d-----w- c:\program files\Regensoft
    2011-12-26 12:10 . 2011-12-26 12:10 -------- d-----w- c:\program files\Red Kawa
    2011-12-18 02:38 . 2011-12-18 02:38 -------- d-----w- c:\documents and settings\Paul L. Smith\Application Data\DDMSettings
    2011-12-15 19:47 . 2011-12-15 19:49 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-28 18:01 . 2011-09-25 06:34 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2008-08-23 13:06 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:54 . 2011-09-25 06:35 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2011-11-28 17:53 . 2011-09-25 06:34 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2008-08-23 13:07 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:53 . 2011-09-25 06:34 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2011-11-28 17:52 . 2008-08-23 13:07 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2008-08-23 13:07 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2008-08-23 13:07 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2008-08-23 13:07 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2008-08-23 13:07 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2008-08-23 13:07 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-23 13:25 . 2008-09-03 06:21 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 22:10 . 2011-05-17 06:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-10 05:54 . 2010-12-28 17:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 03:27 . 2007-10-08 11:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2008-09-03 06:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2008-09-03 06:21 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2008-09-03 06:21 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2008-09-03 06:21 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2008-09-03 06:21 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
    2011-10-18 11:13 . 2008-09-03 06:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2008-09-03 06:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2008-03-21 08:05 . 2008-03-21 07:29 719174560 ----a-w- c:\program files\ADBEPPROCS3_ALP.exe
    2004-10-04 07:56 . 2004-10-06 11:39 28676096 ----a-w- c:\program files\StylusRMX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-27 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HD Writer.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-3-19 308640]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-11-30 17:54 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1"=ma_cmidn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
    backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-09-11 00:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2008-11-23 00:36 203720 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FP Loader]
    2007-10-22 08:50 24576 ----a-w- c:\windows\system32\loadfp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 15:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-08-11 15:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    2004-08-31 09:23 823296 ----a-w- c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
    2007-05-18 00:05 37392 ----a-r- c:\program files\Mindjet\MindManager 7\MmReminderService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-09-17 22:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-09-17 22:55 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-09-17 22:55 1657376 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-09-27 08:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [25/09/2011 06:34 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [25/09/2011 06:34 195416]
    R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [28/09/2007 13:14 30808]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [15/08/2011 11:32 13496]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/11/2008 17:13 717296]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [23/09/2007 08:06 11264]
    S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [25/09/2011 06:35 111320]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/09/2011 06:34 435032]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/08/2008 13:07 314456]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [19/08/2008 22:34 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19/08/2008 22:34 67656]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 17:07 759048]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/08/2008 13:07 20568]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [25/09/2011 06:34 127192]
    S2 AxiomAudioDevMon;Axiom Audio Device Monitor;c:\program files\M-Audio\Axiom\AudioDevMon.exe [19/02/2010 15:21 1632776]
    S2 Fileprot;Fileprot;c:\windows\system32\drivers\fileprot.sys [22/10/2007 08:50 32491]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/12/2009 08:18 135664]
    S2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [23/01/2010 06:16 14416]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/12/2009 08:18 135664]
    S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [15/10/2009 01:12 22232]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [03/11/2007 11:23 2688]
    S3 MPD16USB;AKAIpro MPD16 Driver;c:\windows\system32\drivers\MPD16USB.sys [22/09/2007 14:56 21793]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 18:19 50704]
    S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/01/2008 16:14 47360]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [16/06/2011 17:29 16472]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [16/06/2011 17:29 11104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [19/08/2008 22:34 12872]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [03/11/2007 11:23 184320]
    S3 YH;YH;c:\docume~1\PAULL~1.SMI\LOCALS~1\Temp\YH.exe --> c:\docume~1\PAULL~1.SMI\LOCALS~1\Temp\YH.exe [?]
    S4 Scen_cl;Scen_cl; [x]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    2011-06-12 c:\windows\Tasks\expressburnDowngrade.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-05-26 06:39]
    .
    2011-06-18 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-05-26 06:39]
    .
    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 08:18]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 08:18]
    .
    2011-05-29 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2009-11-18 06:37]
    .
    2011-06-09 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-05-26 06:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: line6.net
    TCP: Interfaces\{C6420938-3115-4CE0-8437-D6D31209BF94}: NameServer = 192.168.2.1,192.168.2.2
    DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
    Notify-AtiExtEvent - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    MSConfigStartUp-EEventManager - c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    AddRemove-Cakewalk Rapture Expansion Pack 1 - c:\progra~1\Cakewalk\Rapture\Programs\EXPANS~1\UNWISE.EXE
    AddRemove-Cakewalk Rapture Expansion Pack 2 - c:\progra~1\Cakewalk\Rapture\Programs\EXPANS~1\UNWISE.EXE
    AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
    AddRemove-VJOcx1.8 - c:\windows\system32\Nagasoft\Uninstall.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-29 16:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1390067357-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4*(*‘%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-1390067357-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x*ª*j%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A74568E6-2FC0-9CE8-09EE-355CA8DC662E}\InProcServer32*]
    "jacbflfibbdebefkilep"=hex:6a,61,65,6b,68,65,67,68,63,70,70,6a,65,62,63,6f,6d,
    65,64,61,00,00
    "iacbllpjbjodcnfgnk"=hex:69,61,67,6b,69,64,64,67,67,68,6e,63,67,66,6e,6a,61,65,
    00,00
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\0a\05\0e\15\0e9N"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(228)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1820)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-29 16:38:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-29 16:37
    .
    Pre-Run: 29,226,745,856 bytes free
    Post-Run: 31,246,704,640 bytes free
    .
    - - End Of File - - 9A9F3E6A61610D0D350AEA05078BBEEE



    I also ran Rkill in safe mode after I ran Combofix in Safe Mode (it wouldn't run in Normal mode).

    Rkill was run on 29/12/2011 at 16:40:52.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 29/12/2011 at 16:40:56.
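
A triage pass over the "Drivers/Services" block of a ComboFix log like the one above, as an added example that is not part of the original post and not ComboFix's own code: it parses each `R#`/`S#` service line and flags entries whose binary is missing, has no image path, or lives under a user Temp folder, which is the kind of entry (the `YH` service pointing at a Temp-directory `.exe`, for instance) a malware-removal helper asks about first. The sample input is copied from the log above; reading the trailing `[?]` and `[x]` markers as "file not present on disk" is an assumption about ComboFix's notation, and a missing file by itself only means a stale registration, not proof of malware.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample input copied from the ComboFix "Drivers/Services" block above
# (one clean driver, one clean service, two entries whose file is gone,
# and one entry with no image path at all).
SAMPLE_LOG = """\
R0 sptd;sptd;c:\\windows\\system32\\drivers\\sptd.sys [26/11/2008 17:13 717296]
S2 gupdate;Google Update Service (gupdate);c:\\program files\\Google\\Update\\GoogleUpdate.exe [06/12/2009 08:18 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\\??\\c:\\windows\\system32\\drivers\\mbamswissarmy.sys --> c:\\windows\\system32\\drivers\\mbamswissarmy.sys [?]
S3 YH;YH;c:\\docume~1\\PAULL~1.SMI\\LOCALS~1\\Temp\\YH.exe --> c:\\docume~1\\PAULL~1.SMI\\LOCALS~1\\Temp\\YH.exe [?]
S4 Scen_cl;Scen_cl; [x]
"""

# "<R|S><start type> <name>;<display name>;<image path> [<date time size> | ? | x]"
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]*);([^;]*);(.*)$")
TRAIL_RE = re.compile(r"^(.*?)\s*\[([^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str        # R = running, S = stopped (ComboFix convention)
    start_type: int   # 0..4 as in the log (boot .. disabled)
    name: str
    display: str
    image_path: str   # resolved path, NT prefix "\??\" removed
    detail: str       # text inside the trailing [...]: "date time size", "?" or "x"


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse the R#/S# service lines of a ComboFix log; other lines are ignored."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start_type, name, display, rest = m.groups()
        detail = ""
        t = TRAIL_RE.match(rest)
        if t:
            rest, detail = t.group(1), t.group(2)
        # "<registered path> --> <resolved path>" form: keep the resolved path.
        if "-->" in rest:
            rest = rest.split("-->", 1)[1]
        path = rest.strip()
        if path.startswith("\\??\\"):
            path = path[4:]
        entries.append(ServiceEntry(state, int(start_type), name, display, path, detail))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every entry worth asking about.

    Assumption: "[?]" and "[x]" mean ComboFix could not find the file on disk.
    """
    findings: List[Tuple[str, List[str]]] = []
    for e in entries:
        reasons: List[str] = []
        if not e.image_path:
            reasons.append("no image path")
        elif e.detail in ("?", "x"):
            reasons.append("binary not found on disk")
        # A service whose executable lives in a user's Temp folder is a
        # classic dropper leftover; legitimate services install elsewhere.
        if "\\temp\\" in e.image_path.lower():
            reasons.append("runs from a user Temp directory")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, `sptd` and `gupdate` pass clean, `MBAMSwissArmy` is reported only as a stale registration (the Malwarebytes driver is simply no longer on disk), `Scen_cl` has no path at all, and `YH` gets both flags, which matches the entries a helper would want removed or explained.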
  11. Paul881

    And finally, here's the CKFile log. Looking through them, they all seem legitimate to me and are only flagged because they have the word "crack" in them.

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\paul l. smith\start menu\programs\waves\documents\x-crackle help.lnk
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack5.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack6.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\oldzepsnarez4crack7.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\2 - snares\stevenslate snares\snare3z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z1\bonhatclosedshankz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedshank\z4\bonhatclosedshankz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z1\bonhatclosedtipz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatclosedtip\z4\bonhatclosedtipz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z1\bonhatopenshankz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopenshank\z4\bonhatopenshankz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z1\bonhatopentipz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\bonhatopentip\z4\bonhatopentipz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z1\hat3closedshankz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedshank\z4\hat3closedshankz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z1\hat3closedtipz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3closedtip\z4\hat3closedtipz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z1\hat3openshankz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3openshank\z4\hat3openshankz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z1\hat3opentipz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\3 - hats\stevenslate hats\hat3opentip\z4\hat3opentipz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\newmapletom1z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\4 - hi toms\stevenslate hi toms\oldzeptom1z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom2z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\newmapletom3z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\5 - lo toms\stevenslate lo toms\oldzeptom2z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\newmapletom4z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\6 - floor toms\stevenslate floor toms\oldzeptom3z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\boncrash18z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\crash17z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash16z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\7 - crashes\stevenslate crashes\sigcrash18z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack4.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack1.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack2.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack3.flac
    c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack4.flac
    c:\program files\common files\native instruments\shared content\sounds\absynth 5\absynth 3\crackling water bottles.ksd
    c:\program files\common files\native instruments\shared content\sounds\absynth 5\instruments\tin crackling.ksd
    c:\program files\spectrasonics\sage\stylus rmx\patches\effects\racks\03-fx oriented\crackling stones.fxr_rmx
    c:\program files\spectrasonics\sage\stylus rmx\patches\multis\factory multis\hip-hop downtempo\095-crack hop.mlt_rmx
    c:\program files\spectrasonics\sage\stylus rmx\patches\multis\noizbox multis\rmx xpander multis\120-129 bpm\128-crackin the code.mlt_rmx
    c:\program files\u-he\presets\zebra2\pads\uh cracklepad.h2p
    c:\program files\u-he\presets\zebra2\pads evolving\sm mit a bissl crackle.h2p
    c:\program files\u-he\presets\zebra2\pads evolving\uh cracklepadxt.h2p
    c:\program files\u-he\presets\zebra2\tones\uh alien crack beam.h2p
    c:\program files\waves\plug-ins\xcrackle.dll
    c:\program files\waves\plug-ins\documents\xcrackle.pdf
    c:\program files\waves\plug-ins\plug-in settings\x-crackle settings.xps
    scanner sequence 3.ZZ.11.AUAAIT
    ----- EOF -----
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    I don't have time tonight to write the script to run through Combofix. Will return Monday.

    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
  13. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Many thanks for all your help. Have a great New Year's Eve break!
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Thought I might get few things done in my other life, but all of a sudden, Monday was here!

    From the CK Scan: the only place I see these files is from torrent downloads: bonhatclosedshankz4crack1.flac
    Yes, they all have the word 'crack'; that's what the scan is for. A 'crackle' for wood or egg or other is different. Please tell me what the source of these files in the CK scan is.

    You have file sharing programs; this, coupled with the crack entries, usually points in only one direction.
    ===========================================
    Run in Normal Mode:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code box below into it:
    Code:
    File::
    c:\docume~1\PAULL~1.SMI\LOCALS~1\Temp\YH.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    DDS::
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
    DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxps://register.btinternet.com/templates/btwebcontrol028.cab
    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    RegLock::
    [HKEY_USERS\S-1-5-21-1390067357-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4*(*‘%\OpenWithList]
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A74568E6-2FC0-9CE8-09EE-355CA8DC662E}\InProcServer32*]
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    Clearjavacache::
    Driver::
    YH
    Scen_cl
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
  15. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Thanks Bobbye; I will run the script at the weekend, when I will have more time, as well as answering your question about the source of the files you detail.

    Happy New Year!
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    And a Happy New Year also. Post the logs when ready..
  17. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Bobbye, sorry I have taken so long to get back to you, but I had an overseas assignment to complete and have only just got back home. I have a couple of questions for you:

    Q1) What makes you believe these were part of a torrent d/l? This computer is a family machine that is old (it's a P4) and has been used and abused over many years by family members, so has all sorts of rubbish in it. Coincidentally, these problems of reappearing malware seem to have coincided with my youngest daughter and her fiancé moving in with us!

    Q2) What will the script do that you are asking me to run? Just curious; it certainly looks like a piece of serious coding!

    Thanks again for all your help.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    No problem! I still haven't caught up from the time I took off during the holidays.

    1. Repeating:
    It is also of some concern that some entries I tried to identify were only displayed on unsafe sites.

    So you shouldn't be surprised that one of the offenders has been the use of file sharing programs. Perhaps you can set up some ground rules and make use of the Content Advisor.

    2. The script removes bad entries, either malware itself or vulnerabilities; for instance, I wrote the script to remove the Vuze Toolbar. Some are to see what registry entries are for. The script is based on what I see in the Combofix log. The DDS entries are from considering entries in the DDS.txt log. I set 2 drivers and their files for removal, either bad or not being used.
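    As an added illustration of the answer to Q2 above (example code added to this page; it is not part of the thread and not ComboFix's own code), the following Python parser reads a CFScript in the form posted earlier and lists the action each directive requests. The directive meanings are the commonly documented CFScript conventions and are stated here as assumptions; ComboFix itself defines the real behaviour. The sample input is a trimmed copy of the script from the post above.

```python
"""Parse a ComboFix CFScript into a plan of the actions it requests.

Added illustration, not ComboFix's own code. Directive meanings below are
assumptions based on the commonly documented CFScript conventions:
  File::           delete the listed files
  Driver::         remove the listed drivers/services
  RegNull::        clear registry keys whose names embed a null character
                   (ComboFix marks the null with a trailing '*' in its log)
  RegLock::        unlock keys protected by tampered permissions, then remove
  DDS::            remove hooks/BHOs/toolbars/DPF entries taken from a DDS log
  ClearJavaCache:: empty the Java cache
"""
import re
from collections import OrderedDict

# Sample input: the script posted in the thread, trimmed to a few entries.
SAMPLE_SCRIPT = r"""File::
c:\docume~1\PAULL~1.SMI\LOCALS~1\Temp\YH.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
DDS::
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
Clearjavacache::
Driver::
YH
Scen_cl
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::", "Driver::"
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")      # {xxxxxxxx-xxxx-...} GUIDs


def parse_cfscript(text):
    """Return an ordered dict: directive name (lower-case) -> list of entries.

    A directive with no entries (such as Clearjavacache::) is kept with an
    empty list so that its presence is still visible in the plan.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any directive: %r" % line)
        sections[current].append(line)
    return sections


def summarize(sections):
    """Translate parsed sections into (action, target) tuples."""
    actions = []
    for path in sections.get("file", []):
        actions.append(("delete file", path))
    for name in sections.get("driver", []):
        actions.append(("remove driver/service", name))
    for key in sections.get("regnull", []):
        actions.append(("null registry key", key.strip("[]")))
    for key in sections.get("reglock", []):
        actions.append(("unlock registry key", key.strip("[]")))
    for entry in sections.get("dds", []):
        # DDS lines look like "BHO: <name>: {CLSID} - <path>"; keep the
        # entry kind and the CLSID, which is what actually gets removed.
        kind, _, rest = entry.partition(":")
        clsid = CLSID.search(rest)
        target = clsid.group(0) if clsid else rest.strip()
        actions.append(("remove %s entry" % kind, target))
    if "clearjavacache" in sections:
        actions.append(("clear Java cache", ""))
    return actions


if __name__ == "__main__":
    for action, target in summarize(parse_cfscript(SAMPLE_SCRIPT)):
        print("%-26s %s" % (action, target))
```

    Running it prints one line per planned action, which is a useful sanity check before dragging a script onto ComboFix: for example it makes visible that this script deletes a file under AVG Anti-Spyware as well as the temp-folder executable, so you can confirm each target is one you intend to lose.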
  19. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Here's the text log:

    File::
    c:\docume~1\PAULL~1.SMI\LOCALS~1\Temp\YH.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    DDS::
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
    DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxps://register.btinternet.com/templates/btwebcontrol028.cab
    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    RegLock::
    [HKEY_USERS\S-1-5-21-1390067357-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4*(*‘%\OpenWithList]
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A74568E6-2FC0-9CE8-09EE-355CA8DC662E}\InProcServer32*]
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    Clearjavacache::
    Driver::
    YH
    Scen_cl
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Paul, the script I wrote you is supposed to be run in Combofix, per the instructions.
    * [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code box below into it:

    Code:
    The script to copy is in this code box.

    Once done, you Save this as CFScript.txt to the same location as Combofix.exe.

    Then you follow the animation to drag the CFScript.txt into the Combofix.exe.

    That will create a new log which you paste into the next reply.

    What you posted under "Here's the text log:" is a copy of the script entries, not the new Combofix log. You need to execute the script using the animation.
  21. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Sorry Bobbye, I am a *****!

    I had to run CF in Safe Mode to get it to run, and then this site says that the file length is too long to paste, so I have had to attach the file.
    --------------------Edit: Pasting Combofix log in sans Snapshot, which was reviewed.
    ComboFix 12-01-21.02 - Paul L. Smith 22/01/2012 6:39.6.1 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1703 [GMT 0:00]
    Running from: f:\downloaded programs\ComboFix\ComboFix.exe
    Command switches used :: f:\downloaded programs\ComboFix\CFScript.txt
    AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\docume~1\PAULL~1.SMI\LOCALS~1\Temp\YH.exe"
    "c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Paul L. Smith\Application Data\ACD Systems\ACDSee\ImageDB.ddf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_YH
    -------\Service_Scen_cl
    -------\Service_YH
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2012-01-02 09:42 . 2012-01-02 09:42 -------- d-----w- c:\documents and settings\Paul L. Smith\Local Settings\Application Data\Flickr
    2012-01-02 09:42 . 2012-01-02 09:42 -------- d-----w- c:\documents and settings\Paul L. Smith\Application Data\Flickr
    2012-01-02 09:42 . 2012-01-02 09:42 -------- d-----w- c:\program files\Flickr Uploadr
    2012-01-02 08:09 . 2012-01-02 08:09 -------- d-----w- c:\documents and settings\Paul L. Smith\Local Settings\Application Data\PCHealth
    2011-12-29 15:29 . 2011-12-29 15:29 -------- d-----w- C:\Friday
    2011-12-26 12:10 . 2011-12-26 12:10 -------- d-----w- c:\program files\Regensoft
    2011-12-26 12:10 . 2011-12-26 12:10 -------- d-----w- c:\program files\Red Kawa
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-28 18:01 . 2011-09-25 06:34 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2008-08-23 13:06 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:54 . 2011-09-25 06:35 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2011-11-28 17:53 . 2011-09-25 06:34 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2008-08-23 13:07 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:53 . 2011-09-25 06:34 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2011-11-28 17:52 . 2008-08-23 13:07 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2008-08-23 13:07 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2008-08-23 13:07 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-11-28 17:51 . 2008-08-23 13:07 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-11-28 17:51 . 2008-08-23 13:07 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-28 17:48 . 2008-08-23 13:07 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-11-25 21:57 . 2008-09-03 06:21 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2008-09-03 06:21 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 22:10 . 2011-05-17 06:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-18 12:35 . 2008-09-03 06:21 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-10 05:54 . 2010-12-28 17:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 03:27 . 2007-10-08 11:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2008-09-03 06:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2008-09-03 06:21 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28 . 2008-09-03 06:21 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2008-09-03 06:21 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2008-09-03 06:21 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2008-09-03 06:21 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2008-09-03 06:21 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2008-03-21 08:05 . 2008-03-21 07:29 719174560 ----a-w- c:\program files\ADBEPPROCS3_ALP.exe
    2004-10-04 07:56 . 2004-10-06 11:39 28676096 ----a-w- c:\program files\StylusRMX.dll

    ((((((((((((((((((((((((((((( SnapShot@2011-12-29_16.30.21)))))))))))))))))))))))))))))))))))))

    Edit: Lengthy Snapshot reviewed and removed by Bobbye

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-27 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HD Writer.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-3-19 308640]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-11-30 17:54 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1"=ma_cmidn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
    backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-09-11 00:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2008-11-23 00:36 203720 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FP Loader]
    2007-10-22 08:50 24576 ----a-w- c:\windows\system32\loadfp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 15:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-08-11 15:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    2004-08-31 09:23 823296 ----a-w- c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
    2007-05-18 00:05 37392 ----a-r- c:\program files\Mindjet\MindManager 7\MmReminderService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-09-17 22:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-09-17 22:55 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-09-17 22:55 1657376 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-09-27 08:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [25/09/2011 06:34 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [25/09/2011 06:34 195416]
    R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [28/09/2007 13:14 30808]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [15/08/2011 11:32 13496]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/11/2008 17:13 717296]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [23/09/2007 08:06 11264]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [25/09/2011 06:35 111320]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/09/2011 06:34 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/08/2008 13:07 314456]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [19/08/2008 22:34 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19/08/2008 22:34 67656]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 17:07 759048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/08/2008 13:07 20568]
    R2 AxiomAudioDevMon;Axiom Audio Device Monitor;c:\program files\M-Audio\Axiom\AudioDevMon.exe [19/02/2010 15:21 1632776]
    R2 Fileprot;Fileprot;c:\windows\system32\drivers\fileprot.sys [22/10/2007 08:50 32491]
    R2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [23/01/2010 06:16 14416]
    R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [03/11/2007 11:23 2688]
    R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/01/2008 16:14 47360]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [25/09/2011 06:34 127192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/12/2009 08:18 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/12/2009 08:18 135664]
    S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [15/10/2009 01:12 22232]
    S3 MPD16USB;AKAIpro MPD16 Driver;c:\windows\system32\drivers\MPD16USB.sys [22/09/2007 14:56 21793]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 18:19 50704]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [16/06/2011 17:29 16472]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [16/06/2011 17:29 11104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [19/08/2008 22:34 12872]
    S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [03/11/2007 11:23 184320]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    2011-06-12 c:\windows\Tasks\expressburnDowngrade.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-05-26 06:39]
    .
    2011-06-18 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-05-26 06:39]
    .
    2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 08:18]
    .
    2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 08:18]
    .
    2011-05-29 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2009-11-18 06:37]
    .
    2011-06-09 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-05-26 06:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: line6.net
    TCP: Interfaces\{C6420938-3115-4CE0-8437-D6D31209BF94}: NameServer = 192.168.2.1,192.168.2.2
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-22 07:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\FP2000IF.CFG 504 bytes
    C:\## aswSnx private storage
    .
    scan completed successfully
    hidden files: 2
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1390067357-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4*(*‘%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-1390067357-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x*ª*j%\OpenWithList]
    @Class="Shell"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1188)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3968)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\progra~1\FILEAS~1\FILEAS~1.DLL
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
    c:\program files\WinRAR\rarext.dll
    c:\progra~1\VSO\COPYTO~1\CTCDSH~1.DLL
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    c:\program files\7-Zip\7-zip.dll
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\windows\system32\wpdshext.dll
    c:\windows\system32\Audiodev.dll
    c:\windows\system32\WMVCore.DLL
    c:\windows\system32\WMASF.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    Completion time: 2012-01-22 07:08:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-22 07:08
    ComboFix2.txt 2011-12-29 16:38
    .
    Pre-Run: 30,403,756,032 bytes free
    Post-Run: 30,712,360,960 bytes free
    .
    - - End Of File - - 09B987CF57FD51FACABDCE0AD46B98E3

    Attached Files:

    • log.txt (55.2 KB)
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Yes, you got the lengthy SignCheck! Combofix puts it out at times and it makes the log very long. However, it should be split into two posts and not attached.

    Okay, we've been at this for several weeks and should be rounding things up. There were 3 registry entries I wanted to open and set up in the script. But either they didn't get copied or weren't removed, so we need to get some updates.

    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
    When the scan has finished, you will see this image:
    • Click on OK to close the box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At the end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ====================================
    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
      Note 1: If you cannot run the executable file, download OTL from either of the following links:
      http://oldtimer.geekstogo.com/OTL.com
      http://oldtimer.geekstogo.com/OTL.scr
      Note 2: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.

      • Double click the OTL icon to run it.
      • The opened console will resemble this:
      • Set Output at the top to Minimal Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
      • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and let it run uninterrupted.
      • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
  23. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Malwarebytes Log:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.28.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Paul L. Smith :: MUSIC-PC [administrator]

    28/01/2012 07:02:51
    mbam-log-2012-01-28 (07-02-51).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 619436
    Time elapsed: 4 hour(s), 34 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  24. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    OTL logfile created on: 28/01/2012 16:42:04 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = F:\Downloaded Programs\OTL
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.70% Memory free
    4.85 Gb Paging File | 4.30 Gb Available in Paging File | 88.61% Paging File free
    Paging file location(s): C:\pagefile.sys 3070 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.48 Gb Total Space | 28.21 Gb Free Space | 19.26% Space Free | Partition Type: NTFS
    Drive F: | 247.94 Gb Total Space | 14.61 Gb Free Space | 5.89% Space Free | Partition Type: NTFS
    Drive G: | 116.51 Gb Total Space | 46.91 Gb Free Space | 40.27% Space Free | Partition Type: NTFS
    Drive H: | 101.31 Gb Total Space | 42.08 Gb Free Space | 41.53% Space Free | Partition Type: NTFS
    Drive I: | 164.33 Gb Total Space | 104.94 Gb Free Space | 63.86% Space Free | Partition Type: NTFS
    Drive J: | 154.95 Gb Total Space | 136.79 Gb Free Space | 88.28% Space Free | Partition Type: NTFS
    Drive L: | 14.90 Gb Total Space | 14.77 Gb Free Space | 99.11% Space Free | Partition Type: FAT32

    Computer Name: MUSIC-PC | User Name: Paul L. Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - F:\Downloaded Programs\OTL\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\M-Audio\Axiom\AudioDevMon.exe (M-Audio)
    PRC - C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
    PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
    PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12012800\algo.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\defs\12012701\algo.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (AxiomAudioDevMon) -- C:\Program Files\M-Audio\Axiom\AudioDevMon.exe (M-Audio)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (SoundMovieServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SoundMovieServer)
    SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
    SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (AVG Anti-Spyware Guard) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
    SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
    SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswNdis) -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys (ALWIL Software)
    DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
    DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
    DRV - (L6POD) -- C:\WINDOWS\system32\drivers\L6POD.sys (Line 6)
    DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
    DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (KORGUMDS) -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS (KORG INC.)
    DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (sensorsview32) -- C:\WINDOWS\system32\drivers\sensorsview32.sys (OpenLibSys.org)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (Pcatip) -- C:\WINDOWS\system32\drivers\Pcatip.sys (VSO Software)
    DRV - (Fileprot) -- C:\WINDOWS\System32\drivers\fileprot.sys ()
    DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows (R) 2000/XP)
    DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows (R) 2000 DDK provider)
    DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
    DRV - (AVG Anti-Spyware Driver) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
    DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
    DRV - (hotcore2) -- C:\WINDOWS\system32\drivers\hotcore2.sys (Paragon Software Group)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
    DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
    DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
    DRV - (MaxtorFrontPanel1) -- C:\WINDOWS\system32\drivers\mxofwfp.sys (Maxtor Corp.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI professional M.I. Corp.)
    DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
    DRV - (FINEPIX_PCC) -- C:\WINDOWS\system32\drivers\V4CB0109.SYS (FUJI PHOTO FILM CO.,LTD.)
    DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/18 02:37:15 | 000,000,000 | ---D | M]

    [2012/01/02 09:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul L. Smith\Application Data\Mozilla\Extensions
    [2012/01/02 09:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul L. Smith\Application Data\Mozilla\Extensions\uploadr@flickr.com

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=642886&p={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
    CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
    CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/22 07:00:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer.lnk = C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198910439140 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (DownloadManager Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6420938-3115-4CE0-8437-D6D31209BF94}: NameServer = 192.168.2.1,192.168.2.2
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/21 21:24:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/27 07:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2012/01/27 07:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/22 06:56:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/01/22 06:09:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/22 06:09:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/22 06:09:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/22 06:09:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/02 09:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul L. Smith\Application Data\Mozilla
    [2012/01/02 09:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Flickr
    [2012/01/02 09:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul L. Smith\Application Data\Flickr
    [2012/01/02 09:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Flickr Uploadr
    [2012/01/02 08:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\PCHealth
    [2009/11/20 18:21:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.sys
    [2008/03/21 07:29:03 | 719,174,560 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\ADBEPPROCS3_ALP.exe
    [2004/10/06 11:39:57 | 028,676,096 | ---- | C] (Spectrasonics) -- C:\Program Files\StylusRMX.dll
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/28 16:14:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/28 07:00:41 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/28 06:56:24 | 000,073,308 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/01/28 06:56:06 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/28 06:55:21 | 000,013,768 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/28 06:55:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/27 07:08:32 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/01/26 19:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/01/26 09:12:40 | 000,001,365 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2012/01/26 02:16:43 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/01/22 07:00:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/22 06:36:18 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut (2) to ComboFix.exe.lnk
    [2012/01/22 06:05:36 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to ComboFix.exe.lnk
    [2012/01/12 19:46:40 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/01/12 03:06:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/08 20:33:44 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 4.0.lnk
    [2012/01/02 09:42:33 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Flickr Uploadr.lnk
    [2012/01/01 03:03:53 | 000,444,392 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/01 03:03:53 | 000,072,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/29 17:08:53 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to CKScanner.exe.lnk
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/28 07:00:41 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/27 07:08:32 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/01/22 06:36:18 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut (2) to ComboFix.exe.lnk
    [2012/01/22 06:09:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/22 06:09:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/22 06:09:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/22 06:09:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/22 06:09:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/22 06:05:36 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to ComboFix.exe.lnk
    [2012/01/02 09:42:33 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Start Menu\Programs\Flickr Uploadr.lnk
    [2012/01/02 09:42:33 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Flickr Uploadr.lnk
    [2011/12/29 17:08:59 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to CKScanner.exe.lnk
    [2011/08/15 11:32:49 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/08/15 11:32:49 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2011/06/16 17:29:03 | 000,910,920 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2011/06/16 17:29:03 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2011/06/16 17:29:02 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2011/05/25 21:37:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini
    [2011/04/21 16:43:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2011/02/04 17:07:27 | 000,183,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/12/01 17:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/02/07 10:22:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2010/02/07 10:22:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2010/02/07 10:22:45 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2010/02/07 10:22:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2010/01/09 11:44:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2009/11/20 18:27:05 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\vso_ts_preview.xml
    [2009/11/20 18:21:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\inst.exe
    [2009/11/20 18:21:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.cat
    [2009/11/20 18:21:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.inf
    [2009/11/20 13:55:54 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/11/20 13:55:54 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/11/20 13:55:54 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/11/20 13:55:54 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/11/15 12:34:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/06 15:36:07 | 000,051,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/10/20 18:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009/08/08 10:05:44 | 000,008,330 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Spectrasonicsml.html
    [2009/06/21 21:01:02 | 000,000,093 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
    [2009/06/21 21:00:39 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\3336a8a31588d39509b23eff4c71869e_Paul L. Smith
    [2009/05/29 12:19:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\SpriteKt.ini
    [2009/05/29 12:19:42 | 000,007,184 | ---- | C] () -- C:\WINDOWS\sounder.ini
    [2009/05/21 16:48:40 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2009/05/21 16:48:39 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/05/21 16:48:38 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/05/21 16:48:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/05/21 16:48:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2009/05/21 16:48:36 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/05/21 16:48:36 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2009/05/21 16:48:36 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2009/05/21 16:48:33 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2009/05/21 16:48:26 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2009/05/15 13:37:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\fusioncache.dat
    [2009/05/04 09:01:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/01/25 08:19:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\minimp3.exe
    [2008/11/14 09:22:56 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/11/14 09:22:55 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\PnkBstrK.sys
    [2008/11/14 09:22:39 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2008/11/14 09:22:36 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2008/11/14 09:22:34 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2008/10/25 13:36:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2008/10/25 13:36:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
    [2008/10/06 17:35:09 | 000,000,379 | ---- | C] () -- C:\WINDOWS\GearBox.ini
    [2008/09/27 06:08:19 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ngxt.bin
    [2008/09/16 15:56:07 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
    [2008/09/16 15:56:07 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
    [2008/09/03 06:22:52 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2008/09/03 06:22:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2008/09/03 06:22:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2008/09/03 06:22:42 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2008/09/03 06:22:27 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2008/09/03 06:21:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2008/05/12 08:03:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/05/12 07:58:30 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2008/04/05 06:13:44 | 000,000,370 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
    [2008/03/20 14:40:29 | 000,000,395 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2008/03/20 14:40:20 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2008/03/12 06:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI
    [2008/01/25 16:47:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/10 10:38:39 | 000,038,488 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Comma Separated Values (Windows).ADR
    [2008/01/03 08:17:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/01/03 08:17:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2008/01/03 08:17:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2008/01/03 08:17:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2008/01/03 08:17:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2008/01/03 08:17:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2008/01/03 08:17:19 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2008/01/03 08:17:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2008/01/03 08:17:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2008/01/03 08:17:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2008/01/03 08:17:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2008/01/03 08:17:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2008/01/03 08:17:19 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2008/01/03 08:17:19 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2008/01/03 08:17:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2008/01/03 08:15:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX700E.ini
    [2007/12/30 11:05:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2007/12/30 11:03:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
    [2007/12/30 11:03:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Smooth Strings
    [2007/12/30 11:03:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    [2007/12/30 11:03:05 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Speech Enhancer
    [2007/12/29 06:18:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/12/29 05:45:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2007/12/29 05:38:45 | 000,001,365 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/12/29 05:38:45 | 000,000,037 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2007/11/03 11:17:23 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2007/10/22 08:50:30 | 000,032,491 | ---- | C] () -- C:\WINDOWS\System32\drivers\fileprot.sys
    [2007/10/22 08:50:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\loadfp.exe
    [2007/10/20 09:43:31 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/10/20 09:43:28 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/10/20 09:43:28 | 000,579,602 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2007/10/20 09:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/10/12 16:04:02 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2007/10/12 14:39:20 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
    [2007/10/05 18:29:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/28 13:16:33 | 000,000,050 | ---- | C] () -- C:\WINDOWS\RKACCUBURN.INI
    [2007/09/28 13:14:02 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
    [2007/09/23 08:06:27 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
    [2007/09/23 06:18:36 | 000,331,263 | ---- | C] () -- C:\WINDOWS\LOOP.exe
    [2007/09/22 15:10:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2007/09/22 13:41:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
    [2007/09/22 09:19:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/09/22 08:22:47 | 000,003,422 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2007/09/22 08:22:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007/09/21 22:08:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/09/21 22:07:46 | 001,542,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/09/21 21:25:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/09/21 21:22:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/05/22 11:47:24 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
    [2004/08/26 11:53:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\MXONmSpace.dll
    [2004/08/26 11:49:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MXONmSpMFC.dll
    [2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/03/31 12:00:00 | 000,444,392 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/03/31 12:00:00 | 000,072,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
    [2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
    [2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
    [2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
    [2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
    [2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
    [2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
    [2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
    [1998/06/02 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
    [1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
  25. Paul881

    ========== LOP Check ==========

    [2007/11/03 10:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2011/08/01 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
    [2011/09/25 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/02/17 03:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2007/11/09 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/12/28 14:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
    [2007/12/30 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/11/30 20:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2007/12/30 20:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2008/02/17 03:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/10/26 05:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
    [2009/01/19 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/08/22 05:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/11/12 07:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
    [2010/03/20 17:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
    [2008/10/07 18:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6(2)
    [2007/10/12 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/11/06 16:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
    [2010/02/07 11:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/11/14 18:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2009/10/04 10:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
    [2011/06/02 06:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2007/12/30 11:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2008/11/07 18:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
    [2011/03/19 07:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
    [2008/11/07 18:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
    [2008/02/29 08:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/12/29 16:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    [2011/02/04 07:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/11/15 06:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SideKickReg
    [2009/08/03 05:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SIR
    [2009/04/10 09:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spectrasonics
    [2010/02/07 11:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2010/11/30 20:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2007/12/30 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2009/11/20 18:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
    [2009/03/12 22:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/08 07:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/19 12:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/08 17:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/03/23 17:09:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
    [2010/03/23 17:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
    [2009/09/19 12:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EFBDC0EC-2698-4A44-8AAD-4113D6D8BB82}
    [2007/11/03 10:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\ACD Systems
    [2008/09/11 16:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Anthropics
    [2011/12/27 01:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Azureus
    [2009/12/22 07:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Cakewalk
    [2011/12/18 02:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\DDMSettings
    [2010/12/01 06:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\EPSON
    [2012/01/02 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Flickr
    [2008/03/20 14:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\FUJIFILM
    [2007/10/12 16:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Grisoft
    [2009/12/31 07:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\ImgBurn
    [2009/12/30 04:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\JGoodies
    [2010/03/06 01:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\KORG
    [2010/02/20 08:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Lexicon PCM Native
    [2010/03/20 10:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Line 6
    [2008/01/10 08:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\LinkedIn
    [2011/06/02 06:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\NCH Swift Sound
    [2007/12/30 11:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Nikon
    [2008/04/25 07:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Nokia
    [2008/11/07 18:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Palo Alto Software
    [2008/10/04 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\PC Suite
    [2009/06/21 21:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Plogue
    [2011/12/29 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Propellerhead Software
    [2011/02/04 07:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Research In Motion
    [2010/01/13 07:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\SIR
    [2008/05/06 12:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Uniblue
    [2011/05/25 21:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Vso
    [2011/06/12 09:44:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
    [2011/06/18 09:44:04 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
    [2011/05/29 06:42:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
    [2011/06/09 05:58:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2001/05/24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


    < MD5 for: EXPLORER.EXE >
    [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
    [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
    [2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
    [2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >
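The three "MD5 for:" blocks at the end of the OTL report are a file-integrity check: every copy of explorer.exe, userinit.exe and winlogon.exe on the disk is hashed so that the live copy in the Windows directory can be compared against the Service Pack cache in ServicePackFiles\i386 and the ERUNT backup in erdnt\cache. Reading them by eye is error-prone, so here, as an added example that is not part of the original post and not OTL's own code, is a small Python script that parses those lines and performs the comparison. The sample input is the three blocks copied from the log above plus one constructed variant in which the live userinit.exe hash has been altered, so the mismatch path can be seen firing. Two things in the script are assumptions rather than facts from the log: the Malwarebytes Chameleon directory is treated as a known-benign location (Chameleon ships renamed copies of its own executable under system-process names, which is why a winlogon.exe with no Microsoft version information appears under Program Files), and the $NtServicePackUninstall$ and $hf_mig$ directories are treated as pre-SP3 backups whose older hashes are expected.

```python
import re

# Sample input: the three "MD5 for:" blocks copied from the OTL report above
# (raw string: the paths contain backslashes and "$").
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >
"""

# Constructed variant (not from the log): the live userinit.exe hash altered so
# the check can be seen flagging a replaced system binary.
TAMPERED_LOG = SAMPLE_LOG.replace(
    r"MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe",
    r"MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe",
)

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
# One OTL hash line: [date time | size | attrs | M] (Company) MD5=hash -- path
LINE_RE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<company>[^)]*)\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*)$"
)
REFERENCE_MARKER = "\\servicepackfiles\\i386\\"          # SP3 known-good copy
BACKUP_MARKERS = ("\\$ntservicepackuninstall$\\", "\\$hf_mig$\\", "\\erdnt\\cache\\")
# Assumption: Malwarebytes Chameleon ships renamed copies of its own executable
# under system-process names, so that directory is treated as known-benign.
KNOWN_BENIGN_DIRS = ("\\malwarebytes' anti-malware\\chameleon\\",)


def classify(path, name):
    """Place one on-disk copy of `name` by the directory it lives in."""
    p = path.lower()
    if REFERENCE_MARKER in p:
        return "reference"
    if any(m in p for m in BACKUP_MARKERS):
        return "backup"
    if p.endswith("\\windows\\system32\\" + name) or p.endswith("\\windows\\" + name):
        return "live"
    if any(d in p for d in KNOWN_BENIGN_DIRS):
        return "known_benign"
    return "unexpected"


def parse_md5_sections(text):
    """Return {filename: [entry, ...]} for every 'MD5 for:' block in the report."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").lower()
            sections.setdefault(current, [])
            continue
        if line.startswith("<"):          # any other "< ... >" header ends the block
            current = None
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            path = m.group("path").strip()
            sections[current].append({
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company").strip(),
                "md5": m.group("md5").upper(),
                "path": path,
                "kind": classify(path, current),
            })
    return sections


def assess(sections):
    """Compare each live system copy against the Service Pack reference hash."""
    report = {}
    for name, entries in sections.items():
        by_kind = {}
        for e in entries:
            by_kind.setdefault(e["kind"], []).append(e)
        refs = {e["md5"] for e in by_kind.get("reference", [])}
        live, findings = by_kind.get("live", []), []
        if not refs:
            verdict = "no_reference"
            findings.append("no ServicePackFiles copy to compare against")
        elif not live:
            verdict = "no_live_copy"
            findings.append("no copy found in the Windows system directory")
        else:
            bad = [e for e in live if e["md5"] not in refs]
            verdict = "mismatch" if bad else "ok"
            for e in bad:
                findings.append(f"{e['path']}: MD5 {e['md5']} differs from reference {sorted(refs)}")
        for e in live:
            if "microsoft" not in e["company"].lower():
                findings.append(f"{e['path']}: no Microsoft version information")
        for e in by_kind.get("known_benign", []):
            findings.append(f"{e['path']}: known-benign decoy copy, ignored")
        for e in by_kind.get("unexpected", []):
            findings.append(f"{e['path']}: unexpected copy (company: {e['company'] or 'none'})")
        report[name] = {"verdict": verdict, "findings": findings}
    return report


def check_report(text):
    return assess(parse_md5_sections(text))


if __name__ == "__main__":
    for label, log in (("original", SAMPLE_LOG), ("tampered", TAMPERED_LOG)):
        print(f"== {label} ==")
        for name, r in check_report(log).items():
            print(f"{name}: {r['verdict']}", *r["findings"], sep="\n    ")
```

On the original log every live copy matches its ServicePackFiles hash, so all three files come back "ok" and the only note is the ignored Chameleon decoy; on the tampered variant userinit.exe comes back "mismatch". A hash match against ServicePackFiles only shows that the file on disk is the SP3 copy: it says nothing about code injected into the running winlogon process or a rootkit filtering file reads, which is why a GMER scan is run alongside OTL.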