Malware keeps infecting my PC

By Paul881
Dec 27, 2011
  1. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    OTL Extras logfile created on: 28/01/2012 16:42:05 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = F:\Downloaded Programs\OTL
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.70% Memory free
    4.85 Gb Paging File | 4.30 Gb Available in Paging File | 88.61% Paging File free
    Paging file location(s): C:\pagefile.sys 3070 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.48 Gb Total Space | 28.21 Gb Free Space | 19.26% Space Free | Partition Type: NTFS
    Drive F: | 247.94 Gb Total Space | 14.61 Gb Free Space | 5.89% Space Free | Partition Type: NTFS
    Drive G: | 116.51 Gb Total Space | 46.91 Gb Free Space | 40.27% Space Free | Partition Type: NTFS
    Drive H: | 101.31 Gb Total Space | 42.08 Gb Free Space | 41.53% Space Free | Partition Type: NTFS
    Drive I: | 164.33 Gb Total Space | 104.94 Gb Free Space | 63.86% Space Free | Partition Type: NTFS
    Drive J: | 154.95 Gb Total Space | 136.79 Gb Free Space | 88.28% Space Free | Partition Type: NTFS
    Drive L: | 14.90 Gb Total Space | 14.77 Gb Free Space | 99.11% Space Free | Partition Type: FAT32

    Computer Name: MUSIC-PC | User Name: Paul L. Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
    "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{067B277E-F94B-4F04-B380-BA967C00377C}_is1" = MiniTool Partition Wizard Home Edition 6.0
    "{10162E91-BB26-AF99-909C-E840C15890E8}" = Catalyst Control Center Graphics Full Existing
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12C8466B-9E6E-4C0C-BBA3-F05EDF5C8ECA}" = Polar WebLink 2.4.11
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1EABDDCB-B788-4FD2-BA76-23472D8DD1D6}" = EPSON Easy Photo Print
    "{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20585CDC-114E-4372-986A-0686B1A37A30}" = Business Plan Pro 2007
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
    "{263D0845-6A38-4B83-ACF5-C48E0C62450B}" = M-Audio Axiom Driver 1.1.1 (x86)
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 30
    "{29C0E9C5-7718-D07B-633F-FD5BE27BBCE5}" = ccc-core-preinstall
    "{2A5782B3-9767-5DF6-8F5A-4900CD698845}" = Catalyst Control Center Graphics Light
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2BB07452-57ED-42CC-AEFF-7A0090C934E9}" = Songsmith
    "{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
    "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{366CC735-543D-42CB-9C03-D7512314DE52}" = Quicken 2004
    "{38EC695A-64CD-7C76-3C21-9ECB49880C70}" = Catalyst Control Center Core Implementation
    "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{47E0F183-E938-A97E-A3CF-9FD4D9893439}" = ccc-core-static
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{508D86EE-931E-4DEA-0BF8-25E30CE9EB42}" = ccc-utility
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{556A649F-72D2-4E41-A40C-794E0277AADB}" = System Requirements Lab CYRI
    "{55A75679-02D1-4C8C-85CA-B4E4DF4D775F}" = MSM32Installer
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A81A7E3-7391-ADFF-9014-F8F45F0337F6}" = CCC Help English
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{805C099D-2A20-DBF8-780C-52CA10916A14}" = Catalyst Control Center Graphics Full New
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E79A5A3-AA5F-DA1F-4BF2-EEC290A08709}" = Skins
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
    "{95868E9A-0225-4960-8266-99EDBD1CD3FF}" = Mindjet MindManager Pro 7
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A315C579-8E9C-4C39-B13F-CD31FE47F717}" = ACDSee 4.0.2 Standard
    "{A3A1A5F0-0B94-4E69-B3E1-92F25E31BEE9}" = H264 Codecs
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC4BDEB4-E06A-4605-B5D2-2FE6750681A5}" = HD Writer AE 2.1
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
    "{C064F50C-4B08-3136-48F5-B92130A47267}" = Catalyst Control Center Graphics Previews Common
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C6FF65DB-B18E-4F0E-948F-E058E67BAF48}" = VstPlayer
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0AD2C2E-E1EB-48E9-BDA8-AE4B9FFAB5B0}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8310 smartphone
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
    "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.5.315
    "{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
    "{E9E4BB29-FA98-401B-9EDE-9906906E33DE}" = Paragon Hard Disk Manager 8 Special Edition
    "{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FD04987D-96A6-4FE1-813B-82B77B8B809C}" = EPSON PRINT Image Framer Tool
    "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    "7-Zip" = 7-Zip 4.65
    "8461-7759-5462-8226" = Vuze
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
    "Advanced X Video Converter_is1" = Advanced X Video Converter
    "AltoMP3 Gold" = AltoMP3 Gold 5.20
    "Amazing Sounds CDxtract v4.1.2" = Amazing Sounds CDxtract v4.1.2
    "ArcSoft VideoImpression 16FP" = ArcSoft VideoImpression 1.6FP
    "ASAPI Update" = ASAPI Update
    "Atmosphere_is1" = Atmosphere
    "avast" = avast! Internet Security
    "AVFC TV" = AVFC TV
    "AVFCForum" = Villa Streams Player (remove only)
    "AviSynth" = AviSynth 2.5
    "BBC iPlayer Download Manager" = BBC iPlayer Download Manager
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
    "BlindWrite 5_is1" = BlindWrite5
    "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    "Cakewalk Dimension Pro Expansion Pack 2_is1" = Dimension Pro XP2
    "Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
    "Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
    "Camel Audio Cameleon 5000 v1.7 VSTi" = Camel Audio Cameleon 5000 v1.7 VSTi
    "CCleaner" = CCleaner
    "CdaC13Ba" = SafeCast Shared Components
    "CDex" = CDex extraction audio
    "ChordWizard Gold 2.0" = ChordWizard Gold 2.0
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup" = DivX Setup
    "eMule" = eMule
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON PX720WD Series" = EPSON PX720WD Series Printer Uninstall
    "EPSON PX720WD Series Manual" = EPSON PX720WD Series Manual
    "EPSON PX720WD Series Network Guide" = EPSON PX720WD Series Network Guide
    "EPSON Scanner" = EPSON Scan
    "ESPRX700 User's Guide" = ESPRX700 User's Guide
    "ExpressBurn" = Express Burn Disc Burning Software
    "Extreme Sample Converter_is1" = Extreme Sample Converter v3.1.3.1156
    "ffdshow" = ffdshow
    "ffdshow_is1" = ffdshow [rev 1943] [2008-04-16]
    "FileASSASSIN" = FileASSASSIN
    "Flickr Uploadr" = Flickr Uploadr 3.2.1
    "Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
    "Gogo MP3 To CD Burner_is1" = Gogo MP3 To CD Burner
    "Google Chrome" = Google Chrome
    "GPL Ghostscript 8.60" = GPL Ghostscript 8.60
    "GPL Ghostscript Fonts" = GPL Ghostscript Fonts
    "GSview 4.8" = GSview 4.8
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "impOSCar" = GForce - impOSCar
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "IsoBuster_is1" = IsoBuster 2.8.5
    "JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
    "JDiskReport 1.3.2" = JGoodies JDiskReport 1.3.2
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.0
    "Line 6 Edit" = Line 6 Edit (remove only)
    "Line 6 Uninstaller" = Line 6 Uninstaller
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "MediaCoder" = MediaCoder 0.6.2
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MP3 CD Converter_is1" = MP3 CD Converter 4.10
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
    "MWASPI" = MicroStaff WINASPI
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NewProduct 1.00" = NewProduct 1.00
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PDF-XChange 3_is1" = PDF-XChange 3.0
    "Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
    "Prism" = Prism Video Converter
    "Project5 Version 2" = Project5 Version 2
    "Project5 Version 2.5" = Project5 Version 2.5
    "Radio365 2.0" = Radio365 2.0
    "Radio365 2.1" = Radio365 2.1
    "ReCycle v2.1" = ReCycle v2.1
    "SensorsView Pro 3.2" = SensorsView Pro 3.2
    "Show Traffic_is1" = Show Traffic 1.7.0
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SONAR85Producer_is1" = SONAR 8.5 Producer
    "SONAR8Producer_is1" = SONAR 8.0 Producer Edition
    "SopCast" = SopCast 3.0.3
    "SoundTaxi_is1" = SoundTaxi 3.1.1
    "SpeedFan" = SpeedFan (remove only)
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steinberg WaveLab 5.01b" = Steinberg WaveLab 5.01b
    "Switch" = Switch Sound File Converter
    "Toxic DEMO_is1" = Toxic DEMO v2.1
    "Ultimate Business Plan Starter" = Ultimate Business Plan Starter
    "URS Classic Console Strip Pro VST RTAS_is1" = URS Classic Console Strip Pro VST RTAS v1.0
    "Veetle TV" = Veetle TV 0.9.18
    "Videora iPod classic Converter" = Videora iPod classic Converter 6
    "Videora iPod Converter" = Videora iPod Converter 3.08
    "Virsyn Tera VSTi RTAS_is1" = Virsyn Tera VSTi RTAS v3.2.1
    "VLC media player" = VideoLAN VLC media player 0.8.6i
    "Voxengo Lampthruster VST" = Voxengo Lampthruster VST 2.3
    "Voxengo Transmodder VST v1.1" = Voxengo Transmodder VST v1.1
    "Voxengo Voxformer VST" = Voxengo Voxformer VST 1.6
    "Voxengo Warmifier VST v1.4" = Voxengo Warmifier VST v1.4
    "WavePad" = WavePad Sound Editor
    "Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
    "Waves IR 1" = Waves IR 1
    "Waves IR1 v5.0" = Waves IR1 v5.0
    "Waves IRx v5.2" = Waves IRx v5.2
    "Waves L3 v5.2" = Waves L3 v5.2
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works" = Microsoft Works 4.5
    "Works99Setup" = Microsoft Works Setup Launcher
    "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
    "x264 Revision 534 x264.nl" = x264 Revision 534 x264.nl (remove only)
    "x264 Revision 564 x264.nl" = x264 Revision 564 x264.nl (remove only)
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "YouTube Downloader App" = YouTube Downloader App 3.00

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 26/07/2011 16:02:10 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 26/07/2011 16:02:10 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 21/08/2011 02:11:11 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 21/08/2011 02:15:08 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 21/08/2011 02:15:09 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 02/09/2011 09:19:54 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 02/09/2011 09:23:38 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 02/09/2011 09:23:38 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 14/09/2011 11:17:16 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    Error - 16/09/2011 10:48:22 | Computer Name = MUSIC-PC | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 08/01/2012 05:13:14 | Computer Name = MUSIC-PC | Source = Application Error | ID = 1000
    Description = Faulting application mplayerc.exe, version 6.4.9.1, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 09/01/2012 04:08:39 | Computer Name = MUSIC-PC | Source = Application Error | ID = 1000
    Description = Faulting application mplayerc.exe, version 6.4.9.1, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 09/01/2012 04:15:19 | Computer Name = MUSIC-PC | Source = Application Hang | ID = 1002
    Description = Hanging application gspot.exe, version 2.7.0.1, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 09/01/2012 04:16:05 | Computer Name = MUSIC-PC | Source = Application Error | ID = 1000
    Description = Faulting application gspot.exe, version 2.7.0.1, faulting module unknown,
    version 0.0.0.0, fault address 0x00000000.

    Error - 13/01/2012 13:20:27 | Computer Name = MUSIC-PC | Source = Application Error | ID = 1000
    Description = Faulting application e_farngye.exe, version 7.0.0.0, faulting module
    e_faprgye.dll, version 7.0.1.0, fault address 0x000817c8.

    Error - 18/01/2012 18:08:11 | Computer Name = MUSIC-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module scorchaxplugin.dll, version 6.2.0.88, fault address 0x002abf15.

    Error - 20/01/2012 12:32:18 | Computer Name = MUSIC-PC | Source = Application Hang | ID = 1002
    Description = Hanging application Friday.exe, version 11.12.29.4, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 28/01/2012 02:44:51 | Computer Name = MUSIC-PC | Source = Application Error | ID = 1000
    Description = Faulting application mplayerc.exe, version 6.4.9.1, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 28/01/2012 02:53:53 | Computer Name = MUSIC-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x033c0fd5.

    Error - 28/01/2012 02:54:00 | Computer Name = MUSIC-PC | Source = Application Error | ID = 1000
    Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
    dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

    [ System Events ]
    Error - 22/01/2012 02:22:10 | Computer Name = MUSIC-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AFD aswFW aswRdr aswSnx aswSP aswTdi AVG Anti-Spyware Driver Fips intelppm IPSec
    MRxSmb
    NetBIOS
    NetBT
    RasAcd
    Rdbss
    SASDIFSV
    SASKUTIL
    Tcpip

    Error - 22/01/2012 02:22:25 | Computer Name = MUSIC-PC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 22/01/2012 02:23:02 | Computer Name = MUSIC-PC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 22/01/2012 02:24:07 | Computer Name = MUSIC-PC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 22/01/2012 02:25:10 | Computer Name = MUSIC-PC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 22/01/2012 02:35:21 | Computer Name = MUSIC-PC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 22/01/2012 02:36:16 | Computer Name = MUSIC-PC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 22/01/2012 02:36:20 | Computer Name = MUSIC-PC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 22/01/2012 03:03:10 | Computer Name = MUSIC-PC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 22/01/2012 03:04:27 | Computer Name = MUSIC-PC | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.


    < End of report >
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    Paul, bring me up to date on the system. As you note, I edited the SnapShot section out of Combofix after reviewing it. (You can't do this) because it's too hard to check and copy/paste entries if I need to ID.

    You are still showing 3 outdated versions of Java. These are all vulnerabilities to the system. Please do a check in Add/Remove Programs and make sure only Java v6u30 is listed. You will keep getting malware.

    I note you have all of these running during the scan: DLLs loading and executables running
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    ------------------------ Other Running Processes ------------------------
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    You should do an uninstall of the AVG product. Just because it expires and you stopped using it doesn't stop it from loading and running processes.
    =====================================
    Question: Are you running one of the business plans from Palo Alto Software? I ask because I see the registry loading an update manager for it.

    What is status of online connection? Normal Mode? Safe Mode with Networking?
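The point above, that an expired or unused security product can still load and run components, can be checked directly from an OTL log. The following is an added example, not part of the original thread and not OTL's own code: it parses PRC/MOD/SRV/DRV lines and groups active components by security product. The vendor keyword table and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: keyword -> product table picked for the products named in this thread.
SECURITY_VENDORS = {
    "avast": "Avast",
    "alwil": "Avast",
    "grisoft": "AVG",
    "superantispyware": "SUPERAntiSpyware",
    "malwarebytes": "Malwarebytes",
}

# "PRC - <target>", "MOD - <target>", "SRV - (<name>) [description] -- <target>", "DRV - ..."
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\((?P<name>.+?)\)(?: .*?)? -- )?"
    r"(?P<target>.+)$"
)
# "<path> (<company>)": the company may be empty or contain parentheses.
TARGET_RE = re.compile(r"^(?P<path>.+?\.\w{2,4}) \((?P<company>.*)\)$")

# Constructed sample in the OTL line format shown in this thread (not a real scan).
SAMPLE_LOG = r"""
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AppMgmt) -- File not found
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
"""


def parse_line(line):
    """Return a dict for one PRC/MOD/SRV/DRV line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"kind": m["kind"], "name": m["name"], "path": None,
             "company": "", "missing": False}
    target = m["target"]
    if target.endswith("File not found"):
        entry["missing"] = True  # registered entry whose file is gone
        return entry
    t = TARGET_RE.match(target)
    if not t:
        return None
    entry["path"] = t["path"]
    entry["company"] = t["company"].strip()
    return entry


def vendor_of(entry):
    """Map an entry to a security product by keyword in its path or company."""
    haystack = f"{entry['path'] or ''} {entry['company']}".lower()
    for keyword, product in SECURITY_VENDORS.items():
        if keyword in haystack:
            return product
    return None


def triage(log_text):
    """Group active components by security product and collect review items."""
    products = defaultdict(set)
    missing, no_company = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = entry["name"] or (entry["path"] or "").rsplit("\\", 1)[-1]
        if entry["missing"]:
            missing.append(f"{entry['kind']} {label}")
            continue
        if not entry["company"]:
            # An empty company field is a prompt for review, not proof of malware.
            no_company.append(entry["path"])
        product = vendor_of(entry)
        if product:
            products[product].add(f"{entry['kind']} {label}")
    return {
        "products": {p: sorted(c) for p, c in products.items()},
        "overlap": len(products) > 1,  # more than one product has live components
        "missing": missing,
        "no_company": no_company,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for product, components in sorted(result["products"].items()):
        print(f"{product}: {', '.join(components)}")
    print("Overlapping security products:", result["overlap"])
    print("File not found:", result["missing"])
    print("No company name:", result["no_company"])
```
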
  3. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Thanks Bobbye. I am down in the Middle East currently and back home at the weekend. I'll carry out the actions that you indicate in your last post then and get back to you with answers to your questions. Thanks for all your help.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    You're very welcome! Stay safe. Post when you can. Please bring me up to date then.
  5. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Bobbye, I have now removed the outdated versions of Java and removed AVG. I also deleted Palo Alto Business Plan software.

    Should I keep Super Spy? My main anti virus is Avast Pro.

    How do I check the status of my network connection, i.e. safe or normal?
  6. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    My PC operates in Normal mode to connect to the internet. I only use Safe mode when there are problems with programs etc.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    Okay, you're looking good! A few entries to remove:

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      [2011/08/01 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
      [2007/11/09 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
      [2011/12/27 01:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Azureus
      [2008/11/07 18:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Palo Alto Software
      [2008/05/06 12:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Uniblue
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{3248F0A8-6813-11D6-A77B-00B0D0150040}" =-
      "{3248F0A8-6813-11D6-A77B-00B0D0160030}" =-
      "{3248F0A8-6813-11D6-A77B-00B0D0160050}" =-
      "{3248F0A8-6813-11D6-A77B-00B0D0160070}" =-
      "eMule" =-
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=-
      "c:\\Program Files\\Azureus\\Azureus.exe"=-
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =======================================
    Let's update and rescan with Eset Online virus scan to make sure there is nothing new:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==================================
    A note on the file sharing: emule and Vuze Remove Toolbar:
    If you are still using these, please read of the potential dangers:
    • Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall both for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    ========================================
    I also recommend uninstalling the Registry Optimizer. We do not recommend that anyone use a registry cleaner. The risks of using these types of programs far outweigh any benefit.
    ======================================
    Please run the Security Check:
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.
    ========================================
    Please leave both in the next reply. If everything has been resolved, I'll have you remove all of the cleaning tools.
  8. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Here's the latest OTL log. BTW, it took over 6+ hours to scan!!!!

    OTL logfile created on: 05/02/2012 12:42:33 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = F:\Downloaded Programs\OTL
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.53% Memory free
    4.85 Gb Paging File | 4.55 Gb Available in Paging File | 93.71% Paging File free
    Paging file location(s): C:\pagefile.sys 3070 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.48 Gb Total Space | 28.13 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
    Drive F: | 247.94 Gb Total Space | 14.47 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
    Drive G: | 116.51 Gb Total Space | 46.91 Gb Free Space | 40.27% Space Free | Partition Type: NTFS
    Drive H: | 101.31 Gb Total Space | 42.08 Gb Free Space | 41.53% Space Free | Partition Type: NTFS
    Drive I: | 164.33 Gb Total Space | 104.94 Gb Free Space | 63.86% Space Free | Partition Type: NTFS
    Drive J: | 154.95 Gb Total Space | 136.79 Gb Free Space | 88.28% Space Free | Partition Type: NTFS
    Drive L: | 14.90 Gb Total Space | 14.77 Gb Free Space | 99.11% Space Free | Partition Type: FAT32

    Computer Name: MUSIC-PC | User Name: Paul L. Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - F:\Downloaded Programs\OTL\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\M-Audio\Axiom\AudioDevMon.exe (M-Audio)
    PRC - C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
    PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12020501\algo.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (AxiomAudioDevMon) -- C:\Program Files\M-Audio\Axiom\AudioDevMon.exe (M-Audio)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (SoundMovieServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SoundMovieServer)
    SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
    SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
    SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswNdis) -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys (ALWIL Software)
    DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
    DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
    DRV - (L6POD) -- C:\WINDOWS\system32\drivers\L6POD.sys (Line 6)
    DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
    DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (KORGUMDS) -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS (KORG INC.)
    DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (tmcomm) -- C:\WINDOWS\System32\Drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (sensorsview32) -- C:\WINDOWS\system32\drivers\sensorsview32.sys (OpenLibSys.org)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (Pcatip) -- C:\WINDOWS\system32\drivers\Pcatip.sys (VSO Software)
    DRV - (Fileprot) -- C:\WINDOWS\System32\drivers\fileprot.sys ()
    DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows (R) 2000/XP)
    DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows (R) 2000 DDK provider)
    DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
    DRV - (hotcore2) -- C:\WINDOWS\system32\drivers\hotcore2.sys (Paragon Software Group)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
    DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
    DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
    DRV - (MaxtorFrontPanel1) -- C:\WINDOWS\system32\drivers\mxofwfp.sys (Maxtor Corp.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI professional M.I. Corp.)
    DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
    DRV - (FINEPIX_PCC) -- C:\WINDOWS\system32\drivers\V4CB0109.SYS (FUJI PHOTO FILM CO.,LTD.)
    DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/18 02:37:15 | 000,000,000 | ---D | M]

    [2012/01/02 09:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul L. Smith\Application Data\Mozilla\Extensions
    [2012/01/02 09:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul L. Smith\Application Data\Mozilla\Extensions\uploadr@flickr.com

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=642886&p={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
    CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
    CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/22 07:00:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer.lnk = C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198910439140 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (DownloadManager Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6420938-3115-4CE0-8437-D6D31209BF94}: NameServer = 192.168.2.1,192.168.2.2
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/21 21:24:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/27 07:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2012/01/27 07:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/22 06:56:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/01/22 06:09:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/22 06:09:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/22 06:09:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/22 06:09:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/11/20 18:21:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.sys
    [2008/03/21 07:29:03 | 719,174,560 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\ADBEPPROCS3_ALP.exe
    [2004/10/06 11:39:57 | 028,676,096 | ---- | C] (Spectrasonics) -- C:\Program Files\StylusRMX.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/05 12:40:44 | 000,073,308 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/02/05 12:40:19 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/05 12:36:26 | 000,013,768 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/05 12:36:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/05 12:19:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/05 11:02:05 | 000,001,365 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2012/02/05 04:12:54 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to OTL.exe.lnk
    [2012/02/04 05:31:35 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 4.0.lnk
    [2012/02/03 18:17:34 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/02/02 19:33:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/01/28 07:00:41 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/27 07:08:32 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/01/26 02:16:43 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/01/22 07:00:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/22 06:36:18 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut (2) to ComboFix.exe.lnk
    [2012/01/22 06:05:36 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to ComboFix.exe.lnk
    [2012/01/12 19:46:40 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/01/12 03:06:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/05 04:12:54 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to OTL.exe.lnk
    [2012/01/28 07:00:41 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/27 07:08:32 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/01/22 06:36:18 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut (2) to ComboFix.exe.lnk
    [2012/01/22 06:09:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/22 06:09:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/22 06:09:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/22 06:09:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/22 06:09:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/22 06:05:36 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to ComboFix.exe.lnk
    [2011/08/15 11:32:49 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/08/15 11:32:49 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2011/06/16 17:29:03 | 000,910,920 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2011/06/16 17:29:03 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2011/06/16 17:29:02 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2011/05/25 21:37:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini
    [2011/04/21 16:43:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2011/02/04 17:07:27 | 000,183,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/12/01 17:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/02/07 10:22:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2010/02/07 10:22:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2010/02/07 10:22:45 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2010/02/07 10:22:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2010/01/09 11:44:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2009/11/20 18:27:05 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\vso_ts_preview.xml
    [2009/11/20 18:21:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\inst.exe
    [2009/11/20 18:21:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.cat
    [2009/11/20 18:21:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.inf
    [2009/11/20 13:55:54 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/11/20 13:55:54 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/11/20 13:55:54 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/11/20 13:55:54 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/11/15 12:34:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/06 15:36:07 | 000,051,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/10/20 18:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009/08/08 10:05:44 | 000,008,330 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Spectrasonicsml.html
    [2009/06/21 21:01:02 | 000,000,093 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
    [2009/06/21 21:00:39 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\3336a8a31588d39509b23eff4c71869e_Paul L. Smith
    [2009/05/29 12:19:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\SpriteKt.ini
    [2009/05/29 12:19:42 | 000,007,184 | ---- | C] () -- C:\WINDOWS\sounder.ini
    [2009/05/21 16:48:40 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2009/05/21 16:48:39 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/05/21 16:48:38 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/05/21 16:48:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/05/21 16:48:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2009/05/21 16:48:36 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/05/21 16:48:36 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2009/05/21 16:48:36 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2009/05/21 16:48:33 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2009/05/21 16:48:26 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2009/05/15 13:37:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\fusioncache.dat
    [2009/05/04 09:01:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/01/25 08:19:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\minimp3.exe
    [2008/11/14 09:22:56 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/11/14 09:22:55 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\PnkBstrK.sys
    [2008/11/14 09:22:39 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2008/11/14 09:22:36 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2008/11/14 09:22:34 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2008/10/25 13:36:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2008/10/25 13:36:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
    [2008/10/06 17:35:09 | 000,000,379 | ---- | C] () -- C:\WINDOWS\GearBox.ini
    [2008/09/27 06:08:19 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ngxt.bin
    [2008/09/16 15:56:07 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
    [2008/09/16 15:56:07 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
    [2008/09/03 06:21:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2008/05/12 08:03:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/05/12 07:58:30 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2008/04/05 06:13:44 | 000,000,370 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
    [2008/03/20 14:40:29 | 000,000,395 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2008/03/20 14:40:20 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2008/03/12 06:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI
    [2008/01/25 16:47:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/10 10:38:39 | 000,038,488 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Comma Separated Values (Windows).ADR
    [2008/01/03 08:17:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/01/03 08:17:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2008/01/03 08:17:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2008/01/03 08:17:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2008/01/03 08:17:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2008/01/03 08:17:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2008/01/03 08:17:19 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2008/01/03 08:17:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2008/01/03 08:17:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2008/01/03 08:17:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2008/01/03 08:17:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2008/01/03 08:17:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2008/01/03 08:17:19 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2008/01/03 08:17:19 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2008/01/03 08:17:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2008/01/03 08:15:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX700E.ini
    [2007/12/30 11:05:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2007/12/30 11:03:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
    [2007/12/30 11:03:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Smooth Strings
    [2007/12/30 11:03:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    [2007/12/30 11:03:05 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Speech Enhancer
    [2007/12/29 06:18:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/12/29 05:45:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2007/12/29 05:38:45 | 000,001,365 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/12/29 05:38:45 | 000,000,037 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2007/11/03 11:17:23 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2007/10/22 08:50:30 | 000,032,491 | ---- | C] () -- C:\WINDOWS\System32\drivers\fileprot.sys
    [2007/10/22 08:50:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\loadfp.exe
    [2007/10/20 09:43:31 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/10/20 09:43:28 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/10/20 09:43:28 | 000,579,602 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2007/10/20 09:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/10/12 16:04:02 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2007/10/12 14:39:20 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
    [2007/10/05 18:29:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/28 13:16:33 | 000,000,050 | ---- | C] () -- C:\WINDOWS\RKACCUBURN.INI
    [2007/09/28 13:14:02 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
    [2007/09/23 08:06:27 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
    [2007/09/23 06:18:36 | 000,331,263 | ---- | C] () -- C:\WINDOWS\LOOP.exe
    [2007/09/22 15:10:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2007/09/22 13:41:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
    [2007/09/22 09:19:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/09/22 08:22:47 | 000,003,422 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2007/09/22 08:22:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007/09/21 22:08:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/09/21 22:07:46 | 001,542,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/09/21 21:25:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/09/21 21:22:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/05/22 11:47:24 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
    [2004/08/26 11:53:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\MXONmSpace.dll
    [2004/08/26 11:49:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MXONmSpMFC.dll
    [2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/03/31 12:00:00 | 000,444,392 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/03/31 12:00:00 | 000,072,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
    [2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
    [2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
    [2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
    [2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
    [2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
    [2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
    [2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
    [1998/06/02 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
    [1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
  9. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    ========== LOP Check ==========

    [2007/11/03 10:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\ACD Systems
    [2008/09/11 16:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Anthropics
    [2011/12/27 01:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Azureus
    [2009/12/22 07:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Cakewalk
    [2011/12/18 02:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\DDMSettings
    [2010/12/01 06:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\EPSON
    [2012/01/02 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Flickr
    [2008/03/20 14:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\FUJIFILM
    [2009/12/31 07:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\ImgBurn
    [2009/12/30 04:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\JGoodies
    [2010/03/06 01:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\KORG
    [2010/02/20 08:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Lexicon PCM Native
    [2010/03/20 10:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Line 6
    [2008/01/10 08:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\LinkedIn
    [2011/06/02 06:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\NCH Swift Sound
    [2007/12/30 11:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Nikon
    [2008/04/25 07:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Nokia
    [2008/11/07 18:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Palo Alto Software
    [2008/10/04 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\PC Suite
    [2009/06/21 21:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Plogue
    [2011/12/29 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Propellerhead Software
    [2011/02/04 07:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Research In Motion
    [2010/01/13 07:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\SIR
    [2008/05/06 12:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Uniblue
    [2011/05/25 21:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Vso
    [2007/11/03 10:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2011/08/01 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
    [2011/09/25 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/02/17 03:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2007/11/09 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/12/28 14:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
    [2007/12/30 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/11/30 20:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2007/12/30 20:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2008/02/17 03:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/10/26 05:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
    [2009/01/19 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/08/22 05:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/11/12 07:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
    [2010/03/20 17:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
    [2008/10/07 18:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6(2)
    [2007/10/12 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/11/06 16:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
    [2010/02/07 11:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/11/14 18:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2009/10/04 10:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
    [2011/06/02 06:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2007/12/30 11:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2008/11/07 18:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
    [2011/03/19 07:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
    [2008/11/07 18:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
    [2008/02/29 08:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/12/29 16:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    [2011/02/04 07:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/11/15 06:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SideKickReg
    [2009/08/03 05:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SIR
    [2009/04/10 09:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spectrasonics
    [2010/02/07 11:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2010/11/30 20:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2007/12/30 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2009/11/20 18:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
    [2009/03/12 22:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/08 07:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/19 12:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/08 17:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/03/23 17:09:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
    [2010/03/23 17:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
    [2009/09/19 12:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EFBDC0EC-2698-4A44-8AAD-4113D6D8BB82}
    [2011/06/12 09:44:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
    [2011/06/18 09:44:04 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
    [2011/05/29 06:42:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
    [2011/06/09 05:58:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

    ========== Purity Check ==========



    < End of report >
  10. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    ESET Log:

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentbm.zip Win32/Bagle.gen.zip worm
    C:\System Volume Information\_restore{4C7C8C5F-5AC7-498F-B8F6-0F117FBC8F55}\RP1036\A0636864.rbf a variant of Win32/Adware.Toolbar.Dealio application
    C:\System Volume Information\_restore{4C7C8C5F-5AC7-498F-B8F6-0F117FBC8F55}\RP1036\A0636877.rbf probably a variant of Win32/Adware.Toolbar.Dealio application
    F:\Downloaded Programs\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application
    F:\Downloaded Programs\Codecs\XVideoConverter-r20016.exe probably a variant of Win32/IRCBot.BQZLFCC trojan
    F:\Downloaded Programs\Smart DeFrag\defragsetup.exe a variant of Win32/Toolbar.Widgi application
    F:\Downloaded Programs\Smart DeFrag\sd2-setup.exe a variant of Win32/Toolbar.Widgi application
  11. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Results of screen317's Security Check version 0.99.30
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Internet Security
    ESET Online Scanner v3
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    CCleaner
    Java(TM) 6 Update 30
    Java(TM) 6 Update 7
    Java version out of date!
    Adobe Reader 8 Adobe Reader out of date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast afwServ.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````
  12. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Bobbye, I would like to delete Registry Optimizer but I can't find it! Can you please tell me where it is located? It isn't registered with Piriform CC.

    I also see that there is a Java 6 update 7 that needs deleting but again, I can't find it. Similarly, the outdated Adobe Reader v.8.



    Is it worth deleting SpyBot and SuperAntiSpyware too?
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    Paul, you have new malware on the F Drive- it appears that it's a partition:
    Drive F: | 247.94 Gb Total Space | 14.47 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
    Maybe it's where you keep your downloads. But if there's any kind of adware/spyware/pests, etc. on the download screen and you leave them, your system is going to get infected, again and again. You need to check every download screen for any pre-checked items > uncheck before the download.

    Additionally, the downloaded codecs had >> W32.IRCBot.B is a back door Trojan horse that connects to an IRC server and awaits commands from a remote attacker, including spreading through network shares, spam email messages, IRC channels and to other computers. This Trojan is a variant of W32.IRCBot and W32.IRCBot.Gen.

    It is possible, with all the reinfections, that the only way you're going to clean the system is to reformat and reinstall. And with a backdoor.bot, although we can remove all the entries we 'see', it is possible that the system has been compromised.
    ==========================================
    For the Eset entries on the F Drive:
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentbm.zip 
      F:\Downloaded Programs\Nero-6.6.1.15a.exe 
      F:\Downloaded Programs\Codecs\XVideoConverter-r20016.exe 
      F:\Downloaded Programs\Smart DeFrag\defragsetup.exe 
      F:\Downloaded Programs\Smart DeFrag\sd2-setup.exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ================================
    Please go to Add/Remove Programs. Uninstall any entries for:
    Askbar
    Spigot or Search Settings
    When done, use Windows Explorer to access Computer> Local Drive > Programs> do a Right click> Delete on program folder for each.
    ===============================
    No, you need the security. But you should also keep up with it. At some time, Spybot removed the Beagle worm. Eventually you need to delete the files removed by security programs.

    As for SAS, it's a good program. Run it occasionally, taking care to always check the line to remove the entries found.
    ==============================
    I'll go over OTL again and see if there are any more removals after I take a break. We need to finish this up or you need to make a decision to wipe it clean.
    ================================
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "8461-7759-5462-8226" = Vuze
      "{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
      "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
      "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
      "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
      "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
      :Files
      C:\WINDOWS\imsins.BAK
      C:\Documents and Settings\All Users\Application Data\3336a8a31588d39509b23eff4c71869e_Paul L. Smith
      C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      C:\WINDOWS\System32\emptyregdb.dat
      C:\WINDOWS\System32\MXONmSpace.dll
      C:\WINDOWS\System32\MXONmSpMFC.dll
      C:\Documents and Settings\All Users\Application Data\Ask
      C:\Documents and Settings\All Users\Application Data\Avg7
      C:\Documents and Settings\All Users\Application Data\Azureus
      C:\Documents and Settings\All Users\Application Data\Grisoft
      C:\Documents and Settings\All Users\Application Data\Line 6
      C:\Documents and Settings\All Users\Application Data\Line 6(2)
      C:\Documents and Settings\All Users\Application Data\Palo Alto Software
      C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
      C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
      C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
      C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
      C:\Documents and Settings\All Users\Application Data\{EFBDC0EC-2698-4A44-8AAD-4113D6D8BB82}
      C:\Documents and Settings\Paul L. Smith\Application Data\Uniblue
      :Chrome
      CHR - Extension: YouTube = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
      CHR - Extension: Google Search = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
      CHR - Extension: Gmail = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    -------------------------------
    Advise reformat/reinstall the OS. Get rid of the old files, the programs you got back in 1998 and early 2000. Don't put the file sharing programs back on> emule, Vuze, keep Java updates and remove the old versions, etc. etc.
    ============================================
    Please note: I will be offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.
  15. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    I follow the instructions for OTM but it doesn't produce a log. It asks me if I want to reboot, I select "Yes" - and nothing happens! If I force a reboot, I still can't find any log.

    Here is a paste from the "Results" half of the display:

    All processes killed
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentbm.zip moved successfully.
    F:\Downloaded Programs\Nero-6.6.1.15a.exe moved successfully.
    F:\Downloaded Programs\Codecs\XVideoConverter-r20016.exe moved successfully.
    F:\Downloaded Programs\Smart DeFrag\defragsetup.exe moved successfully.
    F:\Downloaded Programs\Smart DeFrag\sd2-setup.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Paul L. Smith
    ->Temp folder emptied: 533499 bytes
    ->Temporary Internet Files folder emptied: 118536444 bytes
    ->Java cache emptied: 10339 bytes
    ->Google Chrome cache emptied: 14877256 bytes
    ->Flash cache emptied: 161979 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 44916191 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 3280 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 171.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 02082012_194641
  16. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    In spite of what it says above in the log, all the files in the F:\ partition are still there.
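Added example, not part of the original posts: a way to cross-check the OTM results pasted above against the disk, since the paste reports the F:\ files as moved while the follow-up says they are still there. The function names are hypothetical, and only the section headers and the `moved successfully.` line format visible in that paste are assumed.

```python
import os
import re
import sys
from typing import Callable, Dict, List

# Excerpt of the OTM "Results" paste quoted in the thread (FILES section only).
SAMPLE_RESULTS = r"""
All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentbm.zip moved successfully.
F:\Downloaded Programs\Nero-6.6.1.15a.exe moved successfully.
F:\Downloaded Programs\Codecs\XVideoConverter-r20016.exe moved successfully.
F:\Downloaded Programs\Smart DeFrag\defragsetup.exe moved successfully.
F:\Downloaded Programs\Smart DeFrag\sd2-setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]
"""

# "========== FILES ==========" style section header.
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# A per-file result line as it appears in the paste.
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")


def claimed_moves(results_text: str) -> List[str]:
    """Return the paths the log claims were moved, FILES section only."""
    section = None
    paths: List[str] = []
    for raw in results_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").upper()
            continue
        if section != "FILES":
            continue  # ignore [EMPTYTEMP] statistics and other sections
        moved = MOVED_RE.match(line)
        if moved:
            paths.append(moved.group("path"))
    return paths


def verify_moves(results_text: str,
                 exists: Callable[[str], bool] = os.path.exists
                 ) -> Dict[str, List[str]]:
    """Split claimed moves into paths that are gone and paths still on disk.

    `exists` is injectable so the check can be exercised without the
    original drives attached.
    """
    report: Dict[str, List[str]] = {"gone": [], "still_present": []}
    for path in claimed_moves(results_text):
        key = "still_present" if exists(path) else "gone"
        report[key].append(path)
    return report


if __name__ == "__main__":
    # Usage: python verify_otm.py <saved results text>; falls back to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_RESULTS
    result = verify_moves(text)
    for path in result["still_present"]:
        print("STILL PRESENT:", path)
    print(len(result["gone"]), "claimed moves confirmed,",
          len(result["still_present"]), "contradicted")
```

A path listed as still present is not proof the tool failed: the move may have been deferred to the reboot the tool asked for, or the file may have been written again afterwards.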
  17. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    I won't run OTL until you come back to me with advice on OTMoveit issues.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    My apology Paul- I misplaced the thread.

    Please give me an update on how the system is doing now.
  19. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    Bobbye, that's okay, I have been busy travelling and working. The system is much better, thank you, and performing very well and without the glitches it used to have.

    One thing I did do was copy the F drive to a spare external drive and then manually delete the files in the downloaded programs folder and this was done easily enough. I then wiped the drive by reformatting just to be on the safe side.

    So I could try manually deleting the files if it would help?
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    Since you are having recurring malware, you should seriously consider removing those processes known to bring malware. I see Azureus/Vuze and eMule. Here are more to remove:

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      [2008/05/06 12:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Uniblue
      [2011/05/25 21:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Vso
      [2007/11/03 10:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
      [2011/08/01 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
      [2011/09/25 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
      [2008/02/17 03:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
      [2007/11/09 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
      [2009/03/12 22:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
      [2010/04/08 07:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      [2009/09/19 12:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
      [2009/04/08 17:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      [2010/03/23 17:09:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
      [2010/03/23 17:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
      [2009/09/19 12:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EFBDC0EC-2698-4A44-8AAD-4113D6D8BB82}
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  21. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    OTL logfile created on: 23/02/2012 06:09:25 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = F:\Downloaded Programs\OTL
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.29% Memory free
    4.85 Gb Paging File | 4.41 Gb Available in Paging File | 90.89% Paging File free
    Paging file location(s): C:\pagefile.sys 3070 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.48 Gb Total Space | 42.33 Gb Free Space | 28.90% Space Free | Partition Type: NTFS
    Drive F: | 247.94 Gb Total Space | 11.79 Gb Free Space | 4.76% Space Free | Partition Type: NTFS
    Drive G: | 116.51 Gb Total Space | 46.91 Gb Free Space | 40.27% Space Free | Partition Type: NTFS
    Drive H: | 101.31 Gb Total Space | 42.08 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
    Drive I: | 164.33 Gb Total Space | 105.19 Gb Free Space | 64.01% Space Free | Partition Type: NTFS
    Drive J: | 154.95 Gb Total Space | 136.79 Gb Free Space | 88.28% Space Free | Partition Type: NTFS
    Drive N: | 14.90 Gb Total Space | 14.73 Gb Free Space | 98.85% Space Free | Partition Type: FAT32

    Computer Name: MUSIC-PC | User Name: Paul L. Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - F:\Downloaded Programs\OTL\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
    PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12022201\algo.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (SoundMovieServer) -- C:\WINDOWS\System32\snmvtsvc.exe (SoundMovieServer)
    SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
    SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
    SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswNdis) -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys (ALWIL Software)
    DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
    DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
    DRV - (L6POD) -- C:\WINDOWS\system32\drivers\L6POD.sys (Line 6)
    DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
    DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (KORGUMDS) -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS (KORG INC.)
    DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (tmcomm) -- C:\WINDOWS\System32\Drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (sensorsview32) -- C:\WINDOWS\system32\drivers\sensorsview32.sys (OpenLibSys.org)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (Pcatip) -- C:\WINDOWS\system32\drivers\Pcatip.sys (VSO Software)
    DRV - (Fileprot) -- C:\WINDOWS\System32\drivers\fileprot.sys ()
    DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows (R) 2000/XP)
    DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows (R) 2000 DDK provider)
    DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
    DRV - (hotcore2) -- C:\WINDOWS\system32\drivers\hotcore2.sys (Paragon Software Group)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
    DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
    DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
    DRV - (MaxtorFrontPanel1) -- C:\WINDOWS\system32\drivers\mxofwfp.sys (Maxtor Corp.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI professional M.I. Corp.)
    DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
    DRV - (FINEPIX_PCC) -- C:\WINDOWS\system32\drivers\V4CB0109.SYS (FUJI PHOTO FILM CO.,LTD.)
    DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/18 02:37:15 | 000,000,000 | ---D | M]

    [2012/01/02 09:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul L. Smith\Application Data\Mozilla\Extensions
    [2012/01/02 09:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul L. Smith\Application Data\Mozilla\Extensions\uploadr@flickr.com

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=642886&p={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
    CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
    CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/22 07:00:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer.lnk = C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198910439140 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (DownloadManager Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6420938-3115-4CE0-8437-D6D31209BF94}: NameServer = 192.168.2.1,192.168.2.2
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/21 21:24:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/22 11:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2012/02/12 07:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul L. Smith\Desktop\New Folder (2)
    [2012/02/12 07:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul L. Smith\Desktop\New Folder
    [2012/02/08 19:45:16 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul L. Smith\Desktop\OTM.exe
    [2012/02/05 20:29:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/02/05 13:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/01/27 07:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2012/01/27 07:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/11/20 18:21:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.sys
    [2008/03/21 07:29:03 | 719,174,560 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\ADBEPPROCS3_ALP.exe
    [2004/10/06 11:39:57 | 028,676,096 | ---- | C] (Spectrasonics) -- C:\Program Files\StylusRMX.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/23 06:19:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/23 06:05:34 | 000,073,308 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/02/23 06:05:23 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/23 06:01:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/23 05:27:56 | 000,013,768 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/22 11:17:46 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\VLC media player (2).lnk
    [2012/02/22 11:16:48 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2012/02/21 15:57:33 | 000,001,364 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2012/02/19 17:37:25 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 4.0.lnk
    [2012/02/17 07:28:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/02/17 03:18:49 | 001,542,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/02/17 03:11:08 | 000,444,392 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/02/17 03:11:08 | 000,072,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/02/17 03:04:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/02/16 21:22:27 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/02/16 19:33:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/02/08 19:45:21 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul L. Smith\Desktop\OTM.exe
    [2012/02/07 21:41:47 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to OTM.exe.lnk
    [2012/02/05 20:05:38 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to SecurityCheck.exe.lnk
    [2012/02/05 04:12:54 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to OTL.exe.lnk
    [2012/02/03 18:17:34 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/01/28 07:00:41 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/27 07:08:32 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/22 11:17:46 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\VLC media player (2).lnk
    [2012/02/22 11:16:48 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2012/02/07 21:41:47 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to OTM.exe.lnk
    [2012/02/05 20:05:38 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to SecurityCheck.exe.lnk
    [2012/02/05 04:12:54 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Desktop\Shortcut to OTL.exe.lnk
    [2012/01/28 07:00:41 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/27 07:08:32 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/01/22 06:09:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/22 06:09:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/22 06:09:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/22 06:09:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/22 06:09:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/08/15 11:32:49 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/08/15 11:32:49 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2011/06/16 17:29:03 | 000,910,920 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2011/06/16 17:29:03 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2011/06/16 17:29:02 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2011/05/25 21:37:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini
    [2011/04/21 16:43:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2011/02/04 17:07:27 | 000,183,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/12/01 17:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/02/07 10:22:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2010/02/07 10:22:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2010/02/07 10:22:45 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2010/02/07 10:22:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2010/01/09 11:44:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2009/11/20 18:27:05 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\vso_ts_preview.xml
    [2009/11/20 18:21:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\inst.exe
    [2009/11/20 18:21:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.cat
    [2009/11/20 18:21:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\pcouffin.inf
    [2009/11/20 13:55:54 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/11/20 13:55:54 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/11/20 13:55:54 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/11/20 13:55:54 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/11/15 12:34:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/06 15:36:07 | 000,051,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/10/20 18:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009/08/08 10:05:44 | 000,008,330 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\Spectrasonicsml.html
    [2009/06/21 21:01:02 | 000,000,093 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
    [2009/06/21 21:00:39 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\3336a8a31588d39509b23eff4c71869e_Paul L. Smith
    [2009/05/29 12:19:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\SpriteKt.ini
    [2009/05/29 12:19:42 | 000,007,184 | ---- | C] () -- C:\WINDOWS\sounder.ini
    [2009/05/21 16:48:40 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2009/05/21 16:48:39 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/05/21 16:48:38 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/05/21 16:48:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/05/21 16:48:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2009/05/21 16:48:36 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/05/21 16:48:36 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2009/05/21 16:48:36 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2009/05/21 16:48:33 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2009/05/21 16:48:26 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2009/05/15 13:37:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\fusioncache.dat
    [2009/05/04 09:01:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/01/25 08:19:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\minimp3.exe
    [2008/11/14 09:22:56 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/11/14 09:22:55 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\PnkBstrK.sys
    [2008/11/14 09:22:39 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2008/11/14 09:22:36 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2008/11/14 09:22:34 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2008/10/25 13:36:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2008/10/25 13:36:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
    [2008/10/06 17:35:09 | 000,000,379 | ---- | C] () -- C:\WINDOWS\GearBox.ini
    [2008/09/27 06:08:19 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ngxt.bin
    [2008/09/16 15:56:07 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
    [2008/09/16 15:56:07 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
    [2008/09/03 06:21:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2008/05/12 08:03:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/05/12 07:58:30 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2008/04/05 06:13:44 | 000,000,370 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
    [2008/03/20 14:40:29 | 000,000,395 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2008/03/20 14:40:20 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2008/03/12 06:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI
    [2008/01/25 16:47:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/10 10:38:39 | 000,038,488 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Comma Separated Values (Windows).ADR
    [2008/01/03 08:17:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/01/03 08:17:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2008/01/03 08:17:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2008/01/03 08:17:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2008/01/03 08:17:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2008/01/03 08:17:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2008/01/03 08:17:19 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2008/01/03 08:17:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2008/01/03 08:17:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2008/01/03 08:17:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2008/01/03 08:17:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2008/01/03 08:17:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2008/01/03 08:17:19 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2008/01/03 08:17:19 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2008/01/03 08:17:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2008/01/03 08:15:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX700E.ini
    [2007/12/30 11:05:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2007/12/30 11:03:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
    [2007/12/30 11:03:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Paul L. Smith\Application Data\Smooth Strings
    [2007/12/30 11:03:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    [2007/12/30 11:03:05 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Speech Enhancer
    [2007/12/29 06:18:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/12/29 05:45:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2007/12/29 05:38:45 | 000,001,364 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/12/29 05:38:45 | 000,000,037 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2007/11/03 11:17:23 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2007/10/22 08:50:30 | 000,032,491 | ---- | C] () -- C:\WINDOWS\System32\drivers\fileprot.sys
    [2007/10/22 08:50:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\loadfp.exe
    [2007/10/20 09:43:31 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/10/20 09:43:28 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/10/20 09:43:28 | 000,579,602 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2007/10/20 09:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/10/12 16:04:02 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2007/10/12 14:39:20 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
    [2007/10/05 18:29:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Paul L. Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/09/28 13:16:33 | 000,000,050 | ---- | C] () -- C:\WINDOWS\RKACCUBURN.INI
    [2007/09/28 13:14:02 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
    [2007/09/23 08:06:27 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\IWUninstall.exe
    [2007/09/23 06:18:36 | 000,331,263 | ---- | C] () -- C:\WINDOWS\LOOP.exe
    [2007/09/22 15:10:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2007/09/22 13:41:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
    [2007/09/22 09:19:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/09/22 08:22:47 | 000,003,422 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2007/09/22 08:22:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007/09/21 22:08:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/09/21 22:07:46 | 001,542,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/09/21 21:25:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/09/21 21:22:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/05/22 11:47:24 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
    [2004/08/26 11:53:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\MXONmSpace.dll
    [2004/08/26 11:49:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MXONmSpMFC.dll
    [2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/03/31 12:00:00 | 000,444,392 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/03/31 12:00:00 | 000,072,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
    [2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
    [2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
    [2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
    [2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
    [2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
    [2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
    [2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
    [2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
    [1998/06/02 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
    [1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
  22. Paul881

    Paul881 Newcomer, in training Topic Starter Posts: 36

    ========== LOP Check ==========

    [2007/11/03 10:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\ACD Systems
    [2008/09/11 16:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Anthropics
    [2011/12/27 01:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Azureus
    [2009/12/22 07:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Cakewalk
    [2011/12/18 02:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\DDMSettings
    [2010/12/01 06:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\EPSON
    [2012/01/02 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Flickr
    [2008/03/20 14:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\FUJIFILM
    [2009/12/31 07:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\ImgBurn
    [2009/12/30 04:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\JGoodies
    [2010/03/06 01:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\KORG
    [2010/02/20 08:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Lexicon PCM Native
    [2010/03/20 10:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Line 6
    [2008/01/10 08:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\LinkedIn
    [2011/06/02 06:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\NCH Swift Sound
    [2007/12/30 11:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Nikon
    [2008/04/25 07:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Nokia
    [2008/11/07 18:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Palo Alto Software
    [2008/10/04 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\PC Suite
    [2009/06/21 21:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Plogue
    [2011/12/29 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Propellerhead Software
    [2011/02/04 07:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Research In Motion
    [2010/01/13 07:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\SIR
    [2008/05/06 12:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Uniblue
    [2011/05/25 21:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul L. Smith\Application Data\Vso
    [2007/11/03 10:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2011/08/01 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
    [2011/09/25 06:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/02/17 03:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2007/11/09 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2012/02/08 22:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
    [2007/12/30 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/11/30 20:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2007/12/30 20:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2008/02/17 03:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/10/26 05:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
    [2009/01/19 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/08/22 05:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/11/12 07:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
    [2010/03/20 17:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
    [2008/10/07 18:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6(2)
    [2007/10/12 16:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/11/06 16:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
    [2010/02/07 11:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/11/14 18:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2009/10/04 10:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
    [2011/06/02 06:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2007/12/30 11:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2008/11/07 18:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
    [2011/03/19 07:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
    [2008/11/07 18:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
    [2008/02/29 08:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/12/29 16:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    [2011/02/04 07:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/11/15 06:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SideKickReg
    [2009/08/03 05:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SIR
    [2009/04/10 09:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spectrasonics
    [2010/02/07 11:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2010/11/30 20:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2007/12/30 11:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2009/11/20 18:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
    [2009/03/12 22:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/08 07:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/19 12:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/08 17:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/03/23 17:09:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
    [2010/03/23 17:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
    [2009/09/19 12:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EFBDC0EC-2698-4A44-8AAD-4113D6D8BB82}
    [2011/06/12 09:44:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
    [2011/06/18 09:44:04 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
    [2011/05/29 06:42:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
    [2011/06/09 05:58:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

    ========== Purity Check ==========



    < End of report >
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    Paul, there is a second log from OTL named Extras. Please find and post.
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +33

    Thread closed. No reply x 1 week.