Computer Slowed Down, Possible Virus? [Solved]


  • This topic is locked

#1
Kevin Smith
New Member, 9 posts

Hello,

Over the last few weeks my computer has slowed down, and web pages take a while to load. I was wondering if anyone can help me with this problem before I try to go and reformat the hard drive. Below is my OTL log.

OTL logfile created on: 12/23/2011 10:25:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 32.38% Memory free
5.34 Gb Paging File | 3.10 Gb Available in Paging File | 58.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 73.40 Gb Free Space | 31.52% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 158.19 Gb Free Space | 16.98% Space Free | Partition Type: NTFS
Drive F: | 7.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KEVINPC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 10:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
PRC - [2011/12/08 16:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/11/09 21:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 07:17:41 | 005,389,944 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2011/09/25 09:59:52 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/22 00:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/09 10:16:27 | 001,599,376 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/08/01 23:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/12/24 14:52:05 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/08/28 17:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/07/16 19:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/25 08:46:36 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/27 02:14:44 | 001,069,568 | ---- | M] () -- C:\Program Files\AltBinz\altbinz.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/23 10:19:20 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/23 10:19:20 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/17 04:03:05 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/17 04:03:05 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/09 21:21:54 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/25 09:59:52 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/09/06 21:22:03 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/22 00:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2011/07/13 10:36:02 | 000,795,448 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2011/07/13 10:36:02 | 000,347,944 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2011/07/13 10:36:02 | 000,313,640 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2011/07/13 10:36:00 | 000,716,584 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2011/07/13 10:36:00 | 000,509,720 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2011/07/13 10:36:00 | 000,225,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2011/07/13 10:36:00 | 000,083,768 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2011/07/13 10:36:00 | 000,031,528 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_xlib_.dll
MOD - [2011/07/13 10:35:58 | 004,534,072 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2011/07/13 10:35:58 | 000,203,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/04 23:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/27 02:14:44 | 001,069,568 | ---- | M] () -- C:\Program Files\AltBinz\altbinz.exe
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [1997/07/21 11:22:38 | 000,051,200 | ---- | M] () -- C:\WINDOWS\system32\dtmon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/05/24 22:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/12 10:09:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/24 14:52:05 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/25 08:46:36 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Start_Pending] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)


========== Driver Services (SafeList) ==========

DRV - [2011/08/19 07:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/08/10 15:03:29 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/02/08 02:27:17 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/02/08 02:27:17 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/02/08 02:27:17 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/02/08 02:27:17 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/02/08 02:24:01 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/08 02:23:24 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/08 02:23:21 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/02/08 02:23:17 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/24 14:52:05 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/11/16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/28 17:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/10/06 02:33:17] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/06/17 08:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 08:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 08:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 08:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 08:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/11 15:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/16 04:44:33 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/05/16 04:44:31 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/17 12:28:49 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/10/26 10:55:46 | 000,015,784 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007/10/26 10:55:44 | 000,162,344 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2007/09/19 16:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/05/14 22:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/11/10 05:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/11/02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2005/12/22 02:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBICP.sys -- (uisp)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.5.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.samenc.co...ls=VVoyyFmq&q="

FF - user.js..keyword.URL: "http://www.samenc.co...ls=VVoyyFmq&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 21:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/26 23:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/17 09:02:16 | 000,000,000 | ---D | M]

[2011/09/30 16:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2010/06/08 10:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions\[email protected]
[2010/09/05 19:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions\[email protected]
[2011/12/13 11:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions
[2010/05/02 03:42:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 11:00:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/02 16:33:47 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/11/18 04:49:54 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/01/17 13:02:03 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\[email protected]
[2011/11/29 10:14:15 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\[email protected]
[2011/11/29 10:14:16 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\bing-zugo.xml
[2010/08/25 13:49:04 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\daemon-search.xml
[2010/08/13 11:15:38 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\google-search.xml
[2011/09/02 16:33:17 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\SearchResults.xml
[2011/12/22 00:45:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/22 00:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/04/02 13:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/02 13:41:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L8VBE4D7.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 21:21:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/22 16:07:33 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/09/30 16:35:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2010/08/13 11:15:38 | 000,002,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml
[2011/09/02 16:33:17 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/09 21:21:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/06 17:43:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kevin\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01D72D47-0A7F-4369-BEA4-F3FA8A9323B1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B914B0DA-C527-486C-BA8C-959F09380036}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF0A41FF-2D19-42EC-B48E-ADC4ACBC95EB}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) -c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\iebho.dll) -c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 15:59:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 10:22:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/12/23 09:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Start Menu\Programs\CyberLink PowerDVD 8
[2011/12/17 10:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Virtual Dub New
[2011/12/17 04:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\SUPERAntiSpyware.com
[2011/12/17 04:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/17 04:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/17 04:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/16 05:45:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Recent
[2011/12/13 01:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/13 01:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/09 16:24:20 | 000,000,000 | ---D | C] -- C:\AEonish
[2011/12/09 00:56:48 | 000,000,000 | ---D | C] -- C:\AEonish HUB
[2011/12/01 17:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2011/12/01 17:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/01 17:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/12/01 15:18:36 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2011/12/01 15:18:36 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2011/11/29 16:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\NVIDIA
[2011/11/29 10:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2011/11/29 10:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/11/29 10:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3
[2011/11/29 10:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP3
[2011/11/24 07:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Serviio
[2011/11/24 07:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Serviio
[2008/07/27 14:55:25 | 000,033,792 | ---- | C] ( ) -- C:\Program Files\auxsetup.exe
[2008/07/27 14:55:25 | 000,031,232 | ---- | C] ( ) -- C:\Program Files\vdremote.dll
[2008/07/27 14:55:25 | 000,029,696 | ---- | C] ( ) -- C:\Program Files\vdicmdrv.dll
[2008/07/27 14:55:25 | 000,025,088 | ---- | C] ( ) -- C:\Program Files\vdsvrlnk.dll
[2008/07/27 14:55:25 | 000,008,704 | ---- | C] ( ) -- C:\Program Files\vdub.exe
[2008/02/04 04:01:24 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Kevin\Application Data\pcouffin.sys
[2 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/23 10:26:12 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C652DC1-DEEA-4606-AA07-30DA84A0DC89}.job
[2011/12/23 10:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/12/23 09:52:39 | 000,001,118 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2011/12/23 09:52:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/12/23 09:52:14 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 09:52:14 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/12/23 09:50:47 | 000,012,650 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/23 09:50:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/23 09:43:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/22 15:32:49 | 000,001,184 | -H-- | M] () -- C:\Documents and Settings\Kevin\Application Data\vso_ts_preview.xml
[2011/12/22 15:12:55 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 22:26:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/19 17:34:33 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/12/19 17:34:33 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2011/12/18 03:00:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\DietPower 4.4 Updates.job
[2011/12/17 15:45:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/17 06:22:37 | 000,012,303 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
[2011/12/17 06:22:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
[2011/12/17 04:02:31 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/13 14:57:33 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/13 11:45:39 | 000,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 01:23:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/09 00:56:01 | 020,499,377 | R--- | M] () -- C:\Documents and Settings\Kevin\Desktop\Æonish Hub.rar
[2011/12/02 17:24:56 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/11/29 12:24:55 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Ripper Ultimate.lnk
[2011/11/29 12:24:55 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xilisoft DVD Ripper Ultimate.lnk
[2011/11/29 10:14:04 | 000,001,433 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2011/11/29 10:14:04 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeRIP.lnk
[2011/11/24 07:41:37 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk
[2 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 04:02:31 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/13 01:23:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/09 00:58:36 | 020,499,377 | R--- | C] () -- C:\Documents and Settings\Kevin\Desktop\Æonish Hub.rar
[2011/12/08 17:22:49 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Aeonish Batch Rename.bat
[2011/12/08 17:22:47 | 043,503,572 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Æonish Hub Moviesheet Video Guide.avi
[2011/11/29 12:24:55 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Ripper Ultimate.lnk
[2011/11/29 12:24:55 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xilisoft DVD Ripper Ultimate.lnk
[2011/11/29 10:15:25 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/11/29 10:14:04 | 000,001,433 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
[2011/11/29 10:14:04 | 000,001,421 | ---- | C] () -- C:\Documents and Settings\Kevin\Start Menu\Programs\QuickStores.lnk
[2011/11/29 10:14:04 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeRIP.lnk
[2011/11/24 07:41:37 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk
[2011/11/20 05:11:12 | 000,728,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/28 13:52:32 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/25 19:01:07 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 11:02:42 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/07/02 11:02:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/07/02 11:02:26 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/07/02 11:02:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/07/02 11:01:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/07/02 10:58:20 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/06/23 14:08:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/16 04:51:20 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/16 04:51:17 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/16 04:51:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/31 00:21:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vqayi.dat
[2011/03/10 03:05:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/24 07:43:53 | 000,018,856 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\50VeHH3i3K
[2010/04/24 07:43:53 | 000,018,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\50VeHH3i3K
[2010/03/18 17:30:17 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/08 02:52:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/06 22:51:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/09/10 15:08:52 | 000,061,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/07 06:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/07 06:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/16 04:44:33 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/05/16 04:44:31 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/11/15 10:02:26 | 001,866,670 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/09/28 00:13:52 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2008/09/15 14:53:46 | 000,000,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/23 09:06:41 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/08/21 04:00:10 | 000,000,562 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\AutoGK.ini
[2008/08/21 03:59:27 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2008/08/18 13:44:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/16 21:36:06 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/08/09 07:08:16 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/08/03 10:37:42 | 000,000,323 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/07/27 14:55:37 | 000,000,178 | ---- | C] () -- C:\Program Files\VirtualDub.jobs
[2008/07/27 14:55:25 | 000,967,680 | ---- | C] () -- C:\Program Files\VirtualDub.exe
[2008/07/27 14:55:25 | 000,240,395 | ---- | C] () -- C:\Program Files\VirtualDub.chm
[2008/07/27 14:55:25 | 000,202,756 | ---- | C] () -- C:\Program Files\VirtualDub.vdi
[2008/07/27 14:55:25 | 000,018,321 | ---- | C] () -- C:\Program Files\copying
[2008/07/18 14:57:39 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\default.pls
[2008/07/08 11:31:55 | 000,001,184 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\vso_ts_preview.xml
[2008/06/23 12:43:22 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\faxman32.INI
[2008/06/23 12:41:29 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dtmon.dll
[2008/06/23 12:41:28 | 000,003,773 | ---- | C] () -- C:\WINDOWS\OEDEVKIT.INI
[2008/06/23 12:41:28 | 000,000,761 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008/06/23 12:41:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WININI.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/05 09:53:24 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\avsfilter.dll
[2008/02/10 17:30:50 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/02/10 17:30:50 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/02/10 17:30:50 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/02/10 17:30:50 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/02/10 17:30:50 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/02/10 17:30:50 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/02/10 17:30:50 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/02/10 17:30:50 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/02/10 17:30:50 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/02/10 17:30:50 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/02/10 17:30:50 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/02/10 17:30:50 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/02/10 17:30:50 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/02/10 17:30:50 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/02/10 17:30:50 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/02/10 17:30:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/08 11:43:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/02/04 04:01:24 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\pcouffin.cat
[2008/02/04 04:01:24 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\pcouffin.inf
[2008/02/03 08:07:02 | 000,000,260 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/02 13:08:07 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/01 10:34:14 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/01/30 16:54:51 | 000,000,024 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\MyPhrases.dta
[2008/01/30 16:34:19 | 000,003,447 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/30 16:32:38 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/30 16:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/30 16:22:31 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/01/30 16:22:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/30 16:08:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/01/30 16:01:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/30 15:56:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/30 07:49:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/30 07:45:57 | 000,285,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/10 05:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/02/28 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 04:00:00 | 000,457,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 04:00:00 | 000,075,850 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/10/14 01:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 01:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 01:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 01:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 01:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/09/12 19:09:34 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AvsRecursion.dll
[2004/01/23 18:35:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/02/01 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/04/01 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/09/02 16:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/12/02 14:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CustomPortal
[2010/08/25 13:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/08 10:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DietPower4.4
[2010/03/18 16:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2011/04/16 04:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2008/01/30 16:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/08/27 09:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/01/17 09:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/01 17:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2011/11/29 10:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/12/29 13:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/06/19 09:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/22 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2010/05/14 14:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/04/01 16:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2008/07/27 09:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2008/02/17 15:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/12/12 10:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/12 10:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2011/07/29 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/01/30 16:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/04/03 01:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/05/16 04:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2011/12/16 05:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/26 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/11/10 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/09/14 05:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/11/29 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2011/07/02 11:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/03/12 00:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/31 11:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 11:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/12/18 03:00:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E10FF271-9F2D-4C0C-8608-58B0522700B4}
[2010/08/12 00:37:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\4Media
[2008/01/30 16:55:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Acoustica
[2011/06/13 15:28:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Amazon
[2010/02/07 12:21:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\AnvSoft
[2008/08/24 13:31:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Any Video Converter
[2008/07/09 17:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Auslogics
[2010/02/06 16:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\avidemux
[2011/12/20 07:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Azureus
[2011/09/02 16:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Bandoo
[2009/11/13 22:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Blitware
[2009/01/25 03:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools
[2009/05/16 02:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Lite
[2009/01/25 03:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Pro
[2011/11/05 16:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Digiarty
[2010/02/21 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DVD Profiler
[2011/12/01 17:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2008/09/13 06:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\GeoVid
[2008/02/23 00:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Grisoft
[2010/02/06 16:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\gtk-2.0
[2011/10/19 08:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\HandBrake
[2008/02/02 07:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ImgBurn
[2011/06/19 09:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2008/07/13 04:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\iWin
[2008/09/17 13:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2008/02/03 04:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\LEAPS
[2008/04/01 16:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Locktime
[2010/02/16 01:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Movie Label
[2008/07/27 09:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\NewsLeecher
[2008/05/23 18:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Notepad++
[2009/08/29 22:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Octoshape
[2011/08/27 14:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\OpenCandy
[2009/01/07 16:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Opera
[2009/12/25 03:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Pegasys Inc
[2011/07/02 11:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ScanSoft
[2009/12/24 15:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SearchmeToolbar
[2011/09/02 16:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\searchquband
[2011/09/03 08:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\searchqutoolbar
[2009/03/14 02:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SmartDraw
[2011/03/16 16:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Sony Online Entertainment
[2011/06/24 15:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SystemRequirementsLab
[2011/11/12 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ThumbGen
[2008/07/26 08:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TuneUp Software
[2008/02/02 00:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TypingMaster7
[2010/11/10 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Ubisoft
[2011/06/13 14:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Unity
[2010/06/04 11:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Utherverse
[2011/11/20 12:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\uTorrent
[2008/09/06 11:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ValuSoft
[2009/03/08 05:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\VidaOne
[2010/06/08 10:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Vivox
[2011/12/22 15:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Vso
[2008/11/08 07:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Desktop Search
[2008/11/08 18:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Search
[2011/11/29 12:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Xilisoft
[2010/02/07 11:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Xilisoft Corporation
[2011/07/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Zeon
[2011/12/23 09:52:14 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/12/18 03:00:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\DietPower 4.4 Updates.job
[2011/12/23 10:26:12 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C652DC1-DEEA-4606-AA07-30DA84A0DC89}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55DB0DDA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25C0BB42

< End of report >

#2
havredave

  • GeekU Moderator
  • 1,689 posts
Hi, welcome to GeeksToGo! I'm havredave, and I'll do my best to help you fix whatever it is that ails your computer.

Just a few things before we begin, to ease the process on both of us:
  • Please don't run any scanning or cleaning software without my direction, as it can make things worse and take longer in the long run.
  • Please be patient. A good cleaning can take quite a while, and usually involves many steps before it is complete. I may not post back quickly, because I often have to research issues or run ideas by my peers for a more thorough fix.
  • You may wish to print out each instruction post in case you lose Internet connectivity (using safe mode, for example), so you can complete the fix.
  • If you have any question on any step, or if something doesn't work as described, please stop and ask before we proceed. Better safe than sorry!
  • Please paste your logs into your replies instead of attaching them. This makes it far easier to review. Feel free to use multiple replies if you need to.
  • Please stick with me until I let you know we're finished. Even if the machine is running better, it doesn't mean it's clean.

As it's been a while since your scans were done, please do the following to generate some fresh ones for me:

First:

Download a new copy of OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Copy the text from the codeblock below (ctrl-c) and paste it (ctrl-v) into the Custom Scans/Fixes box.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Put a checkmark in the Scan All Users checkbox.
  • Put checkmarks in the LOP Check and Purity Check checkboxes.
  • Click the 'Use SafeList' radio button in the 'Extra Registry' section.
  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.



Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

If it asks you to download virus definitions, please say yes.

Click the "Scan" button to start scan. It could take a while, especially for the virus scan part. Do not let it fix anything, just do the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
Kevin Smith

  • Topic Starter
  • Member
  • 9 posts
Havredave, thank you for your help. Below are the logs of the files you asked for. I hope I followed your instructions correctly. They were not hard to do, but if I erred in any way, feel free to let me know.


OTL logfile created on: 12/30/2011 4:26:10 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 39.71% Memory free
5.34 Gb Paging File | 3.18 Gb Available in Paging File | 59.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 70.03 Gb Free Space | 30.07% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 141.22 Gb Free Space | 15.16% Space Free | Partition Type: NTFS
Drive Z: | 930.44 Gb Total Space | 652.79 Gb Free Space | 70.16% Space Free | Partition Type: NTFS

Computer Name: KEVINPC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 10:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
PRC - [2011/11/09 21:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/09/25 09:59:52 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/22 00:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/09 10:16:27 | 001,599,376 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/12/24 14:52:05 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/08/28 17:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/07/16 19:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/25 08:46:36 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 21:21:54 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/25 09:59:52 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/09/06 21:22:03 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/22 00:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2011/07/13 10:36:02 | 000,795,448 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2011/07/13 10:36:02 | 000,347,944 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2011/07/13 10:36:02 | 000,313,640 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2011/07/13 10:36:00 | 000,716,584 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2011/07/13 10:36:00 | 000,509,720 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2011/07/13 10:36:00 | 000,225,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2011/07/13 10:36:00 | 000,083,768 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2011/07/13 10:36:00 | 000,031,528 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_xlib_.dll
MOD - [2011/07/13 10:35:58 | 004,534,072 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2011/07/13 10:35:58 | 000,203,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/04 23:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [1997/07/21 11:22:38 | 000,051,200 | ---- | M] () -- C:\WINDOWS\system32\dtmon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/05/24 22:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/12 10:09:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/24 14:52:05 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/25 08:46:36 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Start_Pending] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)


========== Driver Services (SafeList) ==========

DRV - [2011/08/19 07:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/02/08 02:27:17 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/02/08 02:27:17 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/02/08 02:27:17 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/02/08 02:27:17 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/02/08 02:24:01 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/08 02:23:24 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/08 02:23:21 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/02/08 02:23:17 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/24 14:52:05 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/11/16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/28 17:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/10/06 02:33:17] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/06/17 08:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 08:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 08:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 08:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 08:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/11 15:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/16 04:44:33 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/05/16 04:44:31 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/17 12:28:49 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/10/26 10:55:46 | 000,015,784 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007/10/26 10:55:44 | 000,162,344 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2007/09/19 16:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/05/14 22:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/11/10 05:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/11/02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2005/12/22 02:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBICP.sys -- (uisp)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKU\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKU\S-1-5-21-1644491937-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.5.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.samenc.co...ls=VVoyyFmq&q="

FF - user.js..keyword.URL: "http://www.samenc.co...ls=VVoyyFmq&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 21:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/26 23:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/17 09:02:16 | 000,000,000 | ---D | M]

[2011/09/30 16:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2010/06/08 10:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions\[email protected]
[2010/09/05 19:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions\[email protected]
[2011/12/13 11:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions
[2010/05/02 03:42:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 11:00:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/02 16:33:47 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/11/18 04:49:54 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/01/17 13:02:03 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\[email protected]
[2011/11/29 10:14:15 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\[email protected]
[2011/11/29 10:14:16 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\bing-zugo.xml
[2010/08/25 13:49:04 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\daemon-search.xml
[2010/08/13 11:15:38 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\google-search.xml
[2011/09/02 16:33:17 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\SearchResults.xml
[2011/12/22 00:45:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/22 00:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/04/02 13:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/02 13:41:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L8VBE4D7.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 21:21:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/22 16:07:33 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/09/30 16:35:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2010/08/13 11:15:38 | 000,002,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml
[2011/09/02 16:33:17 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/09 21:21:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/06 17:43:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1644491937-606747145-725345543-1004..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1644491937-606747145-725345543-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1644491937-606747145-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1644491937-606747145-725345543-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kevin\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01D72D47-0A7F-4369-BEA4-F3FA8A9323B1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B914B0DA-C527-486C-BA8C-959F09380036}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF0A41FF-2D19-42EC-B48E-ADC4ACBC95EB}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) -c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\iebho.dll) -c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 15:59:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 16:15:20 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kevin\Desktop\aswMBR.exe
[2011/12/29 14:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\mkvtoolnix
[2011/12/27 17:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\.MakeMKV
[2011/12/27 11:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Start Menu\Programs\CyberLink PowerDVD 8
[2011/12/23 10:22:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/12/22 00:45:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/22 00:45:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/22 00:45:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/17 10:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Virtual Dub New
[2011/12/17 04:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\SUPERAntiSpyware.com
[2011/12/17 04:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/17 04:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/17 04:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/16 05:45:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Recent
[2011/12/13 01:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/13 01:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/09 16:24:20 | 000,000,000 | ---D | C] -- C:\AEonish
[2011/12/09 00:56:48 | 000,000,000 | ---D | C] -- C:\AEonish HUB
[2011/12/01 17:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2011/12/01 17:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/01 17:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/12/01 15:18:36 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2011/12/01 15:18:36 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2008/07/27 14:55:25 | 000,033,792 | ---- | C] ( ) -- C:\Program Files\auxsetup.exe
[2008/07/27 14:55:25 | 000,031,232 | ---- | C] ( ) -- C:\Program Files\vdremote.dll
[2008/07/27 14:55:25 | 000,029,696 | ---- | C] ( ) -- C:\Program Files\vdicmdrv.dll
[2008/07/27 14:55:25 | 000,025,088 | ---- | C] ( ) -- C:\Program Files\vdsvrlnk.dll
[2008/07/27 14:55:25 | 000,008,704 | ---- | C] ( ) -- C:\Program Files\vdub.exe
[2008/02/04 04:01:24 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Kevin\Application Data\pcouffin.sys
[2 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 16:14:30 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C652DC1-DEEA-4606-AA07-30DA84A0DC89}.job
[2011/12/30 16:14:27 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kevin\Desktop\aswMBR.exe
[2011/12/30 15:43:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 08:10:11 | 000,001,118 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2011/12/29 17:43:11 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 15:08:53 | 000,012,650 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 22:26:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/28 15:27:25 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mkvmerge GUI.lnk
[2011/12/27 11:52:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/12/27 11:52:34 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/12/27 11:51:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 12:09:48 | 000,012,303 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
[2011/12/26 12:09:48 | 000,000,121 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
[2011/12/25 16:49:22 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/25 03:00:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\DietPower 4.4 Updates.job
[2011/12/24 15:26:07 | 000,001,184 | -H-- | M] () -- C:\Documents and Settings\Kevin\Application Data\vso_ts_preview.xml
[2011/12/23 10:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/12/22 15:12:55 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 17:34:33 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/12/19 17:34:33 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2011/12/17 15:45:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/17 04:02:31 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/13 11:45:39 | 000,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 01:23:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/09 00:56:01 | 020,499,377 | R--- | M] () -- C:\Documents and Settings\Kevin\Desktop\Æonish Hub.rar
[2011/12/02 17:24:56 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 02:56:32 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\gmer.exe
[2011/12/17 04:02:31 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/13 01:23:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/09 00:58:36 | 020,499,377 | R--- | C] () -- C:\Documents and Settings\Kevin\Desktop\Æonish Hub.rar
[2011/12/08 17:22:49 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Aeonish Batch Rename.bat
[2011/12/08 17:22:47 | 043,503,572 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Æonish Hub Moviesheet Video Guide.avi
[2011/11/29 10:15:25 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/11/20 05:11:12 | 000,728,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/28 13:52:32 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/25 19:01:07 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 11:02:42 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/07/02 11:02:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/07/02 11:02:26 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/07/02 11:02:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/07/02 11:01:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/07/02 10:58:20 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/06/23 14:08:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/16 04:51:20 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/16 04:51:17 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/16 04:51:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/31 00:21:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vqayi.dat
[2011/03/10 03:05:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/24 07:43:53 | 000,018,856 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\50VeHH3i3K
[2010/04/24 07:43:53 | 000,018,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\50VeHH3i3K
[2010/03/18 17:30:17 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/08 02:52:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/06 22:51:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/09/10 15:08:52 | 000,061,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/07 06:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/07 06:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/16 04:44:33 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/05/16 04:44:31 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/11/15 10:02:26 | 001,866,670 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/09/28 00:13:52 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2008/09/15 14:53:46 | 000,000,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/23 09:06:41 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/08/21 04:00:10 | 000,000,562 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\AutoGK.ini
[2008/08/21 03:59:27 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2008/08/18 13:44:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/16 21:36:06 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/08/09 07:08:16 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/08/03 10:37:42 | 000,000,323 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/07/27 14:55:37 | 000,000,178 | ---- | C] () -- C:\Program Files\VirtualDub.jobs
[2008/07/27 14:55:25 | 000,967,680 | ---- | C] () -- C:\Program Files\VirtualDub.exe
[2008/07/27 14:55:25 | 000,240,395 | ---- | C] () -- C:\Program Files\VirtualDub.chm
[2008/07/27 14:55:25 | 000,202,756 | ---- | C] () -- C:\Program Files\VirtualDub.vdi
[2008/07/27 14:55:25 | 000,018,321 | ---- | C] () -- C:\Program Files\copying
[2008/07/18 14:57:39 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\default.pls
[2008/07/08 11:31:55 | 000,001,184 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\vso_ts_preview.xml
[2008/06/23 12:43:22 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\faxman32.INI
[2008/06/23 12:41:29 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dtmon.dll
[2008/06/23 12:41:28 | 000,003,773 | ---- | C] () -- C:\WINDOWS\OEDEVKIT.INI
[2008/06/23 12:41:28 | 000,000,761 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008/06/23 12:41:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WININI.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/05 09:53:24 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\avsfilter.dll
[2008/02/10 17:30:50 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/02/10 17:30:50 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/02/10 17:30:50 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/02/10 17:30:50 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/02/10 17:30:50 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/02/10 17:30:50 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/02/10 17:30:50 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/02/10 17:30:50 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/02/10 17:30:50 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/02/10 17:30:50 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/02/10 17:30:50 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/02/10 17:30:50 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/02/10 17:30:50 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/02/10 17:30:50 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/02/10 17:30:50 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/02/10 17:30:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/08 11:43:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/02/04 04:01:24 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\pcouffin.cat
[2008/02/04 04:01:24 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\pcouffin.inf
[2008/02/03 08:07:02 | 000,000,260 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/02 13:08:07 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/01 10:34:14 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/01/30 16:54:51 | 000,000,024 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\MyPhrases.dta
[2008/01/30 16:34:19 | 000,003,447 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/30 16:32:38 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/30 16:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/30 16:22:31 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/01/30 16:22:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/30 16:08:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/01/30 16:01:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/30 15:56:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/30 07:49:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/30 07:45:57 | 000,285,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/10 05:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/02/28 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 04:00:00 | 000,457,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 04:00:00 | 000,075,850 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/10/14 01:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 01:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 01:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 01:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 01:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/09/12 19:09:34 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AvsRecursion.dll
[2004/01/23 18:35:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/02/01 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/04/01 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/09/02 16:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/12/02 14:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CustomPortal
[2010/08/25 13:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/08 10:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DietPower4.4
[2010/03/18 16:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2011/04/16 04:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2008/01/30 16:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/08/27 09:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/01/17 09:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/01 17:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2011/11/29 10:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/12/29 13:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/06/19 09:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/22 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2010/05/14 14:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/04/01 16:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2008/07/27 09:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2008/02/17 15:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/12/12 10:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/12 10:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2011/07/29 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/01/30 16:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/04/03 01:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/05/16 04:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2011/12/16 05:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/26 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/11/10 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/09/14 05:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/11/29 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2011/07/02 11:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/03/12 00:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/31 11:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 11:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/12/25 03:00:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E10FF271-9F2D-4C0C-8608-58B0522700B4}
[2010/08/12 00:37:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\4Media
[2008/01/30 16:55:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Acoustica
[2011/06/13 15:28:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Amazon
[2010/02/07 12:21:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\AnvSoft
[2008/08/24 13:31:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Any Video Converter
[2008/07/09 17:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Auslogics
[2010/02/06 16:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\avidemux
[2011/12/25 12:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Azureus
[2011/09/02 16:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Bandoo
[2009/11/13 22:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Blitware
[2009/01/25 03:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools
[2009/05/16 02:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Lite
[2009/01/25 03:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Pro
[2011/11/05 16:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Digiarty
[2010/02/21 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DVD Profiler
[2011/12/01 17:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2008/09/13 06:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\GeoVid
[2008/02/23 00:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Grisoft
[2010/02/06 16:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\gtk-2.0
[2011/10/19 08:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\HandBrake
[2008/02/02 07:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ImgBurn
[2011/06/19 09:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2008/07/13 04:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\iWin
[2008/09/17 13:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2008/02/03 04:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\LEAPS
[2008/04/01 16:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Locktime
[2011/12/29 14:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mkvtoolnix
[2010/02/16 01:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Movie Label
[2008/07/27 09:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\NewsLeecher
[2008/05/23 18:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Notepad++
[2009/08/29 22:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Octoshape
[2011/08/27 14:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\OpenCandy
[2009/01/07 16:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Opera
[2009/12/25 03:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Pegasys Inc
[2011/07/02 11:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ScanSoft
[2009/12/24 15:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SearchmeToolbar
[2011/09/02 16:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\searchquband
[2011/09/03 08:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\searchqutoolbar
[2009/03/14 02:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SmartDraw
[2011/03/16 16:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Sony Online Entertainment
[2011/06/24 15:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SystemRequirementsLab
[2011/11/12 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ThumbGen
[2008/07/26 08:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TuneUp Software
[2008/02/02 00:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TypingMaster7
[2010/11/10 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Ubisoft
[2011/06/13 14:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Unity
[2010/06/04 11:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Utherverse
[2011/11/20 12:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\uTorrent
[2008/09/06 11:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ValuSoft
[2009/03/08 05:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\VidaOne
[2010/06/08 10:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Vivox
[2011/12/24 15:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Vso
[2008/11/08 07:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Desktop Search
[2008/11/08 18:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Search
[2011/11/29 12:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Xilisoft
[2010/02/07 11:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Xilisoft Corporation
[2011/07/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Zeon
[2011/12/27 11:52:34 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/12/25 03:00:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\DietPower 4.4 Updates.job
[2011/12/30 16:14:30 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C652DC1-DEEA-4606-AA07-30DA84A0DC89}.job

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/04/02 19:44:32 | 005,393,408 | ---- | M] (ThumbGen) -- C:\ThumbGen.Designer.exe

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/02/28 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 10:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 10:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2006/02/28 04:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2006/02/28 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 21:21:48 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 21:21:48 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 21:21:48 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/09 21:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 21:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/09 21:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 21:21:48 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 21:21:48 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 21:21:48 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/09 21:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 21:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/09 21:21:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55DB0DDA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25C0BB42

< End of report >

EXTRA REPORT


OTL Extras logfile created on: 12/30/2011 4:26:10 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 39.71% Memory free
5.34 Gb Paging File | 3.18 Gb Available in Paging File | 59.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 70.03 Gb Free Space | 30.07% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 141.22 Gb Free Space | 15.16% Space Free | Partition Type: NTFS
Drive Z: | 930.44 Gb Total Space | 652.79 Gb Free Space | 70.16% Space Free | Partition Type: NTFS

Computer Name: KEVINPC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"23423:TCP" = 23423:TCP:LocalSubNet:Enabled:Serviio

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Program Files\Serviio\bin\ServiioService.exe" = C:\Program Files\Serviio\bin\ServiioService.exe:*:Enabled:Serviio -- ()
"C:\Program Files\Serviio\bin\ServiioConsole.exe" = C:\Program Files\Serviio\bin\ServiioConsole.exe:*:Enabled:Serviio -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1EEAEAD7-95F3-489C-AB71-D188D530A951}" = Wireless USB Card
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 30
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{31FD9031-FA28-4F73-9FD1-D7E9997C41CE}" = Brother MFL-Pro Suite MFC-J410W
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BCDD100-3029-42C3-B7F7-4A0DA414861D}" = DietPower 4.4
"{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93A7B24D-40FD-416C-ABCE-A8EC64207DDB}" = Body Tracker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{99341ACA-2A86-4235-A636-02A2A9820987}" = WD Discovery Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8D91F6B-803A-4579-9DAD-1377B56DC657}" = TMPGEnc Authoring Works 4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F356EDC7-F3BA-479D-B1E3-87D13BF5BDE9}" = WDTV MSG 1.7.0
"{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86}" = TMPGEnc 4.0 XPress
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"AC3ACM" = AC-3 ACM Codec
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alt.Binz" = Alt.Binz 0.25.0
"AnyDVD" = AnyDVD
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Cinema Craft Encoder SP" = Cinema Craft Encoder SP
"CloneDVD2" = CloneDVD2
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DietPower 4.4" = DietPower 4.4
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.1.3914 [2011-06-29]
"HandBrake" = HandBrake 0.9.5
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaInfo" = MediaInfo 0.7.48
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 4.9.1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PRJPRO" = Microsoft Office Project Professional 2007
"QuickPar" = QuickPar 0.9
"SBC.MCCInstall" = AT&T Self Support Tool
"Searchqu 101 MediaBar" = Windows Searchqu Toolbar
"Serviio" = Serviio
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"The Rosetta Stone" = The Rosetta Stone
"TVersity Media Server" = TVersity Media Server 1.9.7
"UltraISO_is1" = UltraISO Premium V9.36
"Uninstall_is1" = Uninstall 1.0.0.1
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.8
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Ripper Ultimate" = Xilisoft DVD Ripper Ultimate
"Xilisoft DVD Ripper Ultimate 6" = Xilisoft DVD Ripper Ultimate 6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1644491937-606747145-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-DC Universe Online Live" = DC Universe Online Live

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 2:06:45 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 10:06:45.687]: [00002384]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.82]

Error - 12/30/2011 2:14:00 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 10:14:00.484]: [00002384]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.1.82]

Error - 12/30/2011 5:24:26 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 13:24:26.843]: [00002384]: GetDeviceIpAddress:
GetAddressByName [BRW0022587366EA] Error

Error - 12/30/2011 5:24:35 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 13:24:35.843]: [00002384]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.82]

Error - 12/30/2011 5:25:05 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 13:25:05.765]: [00002384]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.82]

Error - 12/30/2011 5:25:05 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 13:25:05.875]: [00002384]: GetDeviceIpAddress:
GetAddressByName [BRW0022587366EA] Error

Error - 12/30/2011 5:25:35 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 13:25:35.890]: [00002384]: GetDeviceIpAddress:
GetAddressByName [BRW0022587366EA] Error

Error - 12/30/2011 5:26:14 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 13:26:14.765]: [00002384]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.82]

Error - 12/30/2011 5:26:14 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 13:26:14.828]: [00002384]: GetDeviceIpAddress:
GetAddressByName [BRW0022587366EA] Error

Error - 12/30/2011 5:26:44 PM | Computer Name = KEVINPC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/12/30 13:26:44.859]: [00002384]: GetDeviceIpAddress:
GetAddressByName [BRW0022587366EA] Error

[ OSession Events ]
Error - 6/20/2009 9:48:20 AM | Computer Name = KEVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/20/2009 9:48:28 AM | Computer Name = KEVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/20/2009 9:48:32 AM | Computer Name = KEVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/20/2009 9:48:42 AM | Computer Name = KEVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2009 5:15:23 PM | Computer Name = KEVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2009 5:15:31 PM | Computer Name = KEVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2009 5:15:38 PM | Computer Name = KEVINPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/23/2011 8:44:22 PM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7022
Description = The NVIDIA Update Service Daemon service hung on starting.

Error - 12/23/2011 8:44:42 PM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/24/2011 2:10:54 PM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7022
Description = The NVIDIA Update Service Daemon service hung on starting.

Error - 12/24/2011 2:13:44 PM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/26/2011 4:33:31 AM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7022
Description = The NVIDIA Update Service Daemon service hung on starting.

Error - 12/26/2011 4:33:41 AM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/26/2011 3:05:06 PM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7022
Description = The NVIDIA Update Service Daemon service hung on starting.

Error - 12/26/2011 3:06:00 PM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/27/2011 3:55:07 PM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7022
Description = The NVIDIA Update Service Daemon service hung on starting.

Error - 12/27/2011 3:56:10 PM | Computer Name = KEVINPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

ASWMBR Report



aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 16:33:28
-----------------------------
16:33:28.265 OS Version: Windows 5.1.2600 Service Pack 3
16:33:28.265 Number of processors: 2 586 0xF0B
16:33:28.265 ComputerName: KEVINPC UserName: Kevin
16:33:29.171 Initialize success
16:33:32.312 AVAST engine defs: 11123001
16:33:41.218 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1b
16:33:41.218 Disk 0 Vendor: ST31000340AS SD15 Size: 953868MB BusType: 3
16:33:41.218 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-26
16:33:41.218 Disk 1 Vendor: ST3250410AS 3.AAC Size: 238474MB BusType: 3
16:33:41.218 Disk 1 MBR read successfully
16:33:41.218 Disk 1 MBR scan
16:33:41.250 Disk 1 Windows XP default MBR code
16:33:41.250 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
16:33:41.250 Disk 1 scanning sectors +488376000
16:33:41.375 Disk 1 scanning C:\WINDOWS\system32\drivers
16:34:01.859 Service scanning
16:34:02.671 Modules scanning
16:34:28.031 Disk 1 trace - called modules:
16:34:28.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:34:28.078 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b190ab8]
16:34:28.078 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000077[0x8b11ff18]
16:34:28.078 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-26[0x8b093d98]
16:34:28.812 AVAST engine scan C:\WINDOWS
16:35:12.890 AVAST engine scan C:\WINDOWS\system32
16:39:43.015 AVAST engine scan C:\WINDOWS\system32\drivers
16:40:46.421 AVAST engine scan C:\Documents and Settings\Kevin
17:22:29.484 AVAST engine scan C:\Documents and Settings\All Users
17:35:08.296 Scan finished successfully
18:15:36.218 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Kevin\Desktop\MBR.dat"
18:15:36.234 The log file has been saved successfully to "C:\Documents and Settings\Kevin\Desktop\aswMBR.txt"
  • 0

#4
havredave

    GeekU Moderator

  • 1,689 posts
I'll begin going over these logs as soon as I can, but please note that due to the long weekend, I'm not on very much. I'll be back in force on Tuesday; I'll see what I can spot in the meantime though.

It appears you followed instructions perfectly, and the logs will give me a good start. :)
  • 0

#5
havredave

    GeekU Moderator

  • 1,689 posts
Just as something to do over the long weekend, I've a few instructions for you.

First

To save your sanity, for these instructions, you'll want to disable TeaTimer. To do so, please follow these instructions:

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Second

Please use Add/Remove Programs in the Control Panel to remove the following software:
  • Windows Searchqu Toolbar


Third

Some advice:

Take great care using Vuze; BitTorrent applications can download from uncontrolled machines, so sometimes you really have no way of knowing what you're getting. Be sure to double-check the source and check downloads for infection before using them.


You'll also want to update Adobe Reader. Current is 10.0.1.1 I believe, and you're on 8.3.1. That is an avenue of infection if you happen upon a crafted .pdf, so it's best to keep it up to date.


I see you have both Ad-Aware and SUPER Anti-Spyware installed; I would personally recommend removing one of these, since they both run all the time. If you have one of them turned off except for when you scan, disregard that advice. However, during your last OTL scan, both of them were running, so I thought it worth mentioning.


Last


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/09/02 16:33:47 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKU\S-1-5-21-1644491937-606747145-725345543-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) -c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\iebho.dll) -c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" =-
    
    :Files
    C:\Documents and Settings\Kevin\Application Data\searchquband
    C:\Documents and Settings\Kevin\Application Data\searchqutoolbar
    
    :Commands
    [createrestorepoint]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


In all, please post back with the new OTL.txt log, and your experiences with the other instructions. If you had trouble or noticed anything out of the ordinary, please mention it.
  • 0
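The check a helper would make on the Quick Scan requested above, as an added Python example (not part of the thread and not OTL's own code): confirm that no entry still references the removed toolbar, and list service entries worth a second look. The line pattern is an assumption inferred from the OTL lines shown on this page, the marker strings are taken from the fix script, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Entries copied from the fix script in post #5 (state before the fix).
PRE_FIX = r"""
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) -c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
"""

# Entries copied from the Quick Scan in post #7 (state after the fix).
POST_FIX = r"""
PRC - [2011/11/15 01:21:32 | 000,538,376 | ---- | M] () -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (aawservice)
SRV - [2011/11/15 01:21:32 | 000,538,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/24 22:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
"""

# Strings that identify the removed toolbar, all taken from the fix script.
MARKERS = ("searchqu", "datamngr", "bandoo")

# Assumed layout of SRV/DRV lines, inferred from the log lines on this page:
#   KIND - [timestamp | size | attrs | M] (company) [start | state] -- path -- (name)
#   KIND - File not found [start | state] -- -- (name)
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:\[[^\]]*\] \((?P<company>.*?)\)|(?P<missing>File not found)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)"
)


@dataclass
class Service:
    kind: str      # "SRV" (Win32 service) or "DRV" (driver service)
    name: str      # service key name, e.g. "TwonkyProxy"
    company: str   # empty when OTL printed "()" or the file is missing
    state: str     # e.g. "Auto | Running"
    path: str      # empty when OTL printed "File not found"
    missing: bool  # True when the registered binary no longer exists


def parse_services(log_text):
    """Return a Service record for every SRV/DRV line that fits the pattern."""
    services = []
    for line in log_text.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            services.append(Service(
                kind=m["kind"],
                name=m["name"],
                company=(m["company"] or "").strip(),
                state=m["state"],
                path=m["path"],
                missing=m["missing"] is not None,
            ))
    return services


def leftover_references(log_text, markers=MARKERS):
    """Return every log line, of any type, that still mentions a marker."""
    return [line.strip() for line in log_text.splitlines()
            if any(mk in line.lower() for mk in markers)]


def orphaned_services(services):
    """Services still registered although their file is gone."""
    return [s.name for s in services if s.missing]


def unattributed_running(services):
    """Running services whose binary carries no company name.

    This is a triage hint only: many legitimate programs ship binaries
    without version information.
    """
    return [s.name for s in services
            if not s.missing and not s.company and s.state.endswith("Running")]


if __name__ == "__main__":
    print("before fix:", len(leftover_references(PRE_FIX)), "toolbar entries")
    print("after fix: ", len(leftover_references(POST_FIX)), "toolbar entries")
    svcs = parse_services(POST_FIX)
    print("orphaned services:", orphaned_services(svcs))
    print("running, no company name:", unattributed_running(svcs))
```
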

#6
Kevin Smith

    New Member

  • Topic Starter
  • Member
  • 9 posts
Havredave

Your instructions are not complicated, and your instructions are easy to follow. I will be taking care of this in about an hour from now; I just wanted you to know that I am following your advice, and am actively working with you.

One note: by all means, take your time. You are helping me tremendously and I appreciate it, so by all means enjoy your extended weekend.
  • 0

#7
Kevin Smith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Havredave

Everything went well. I uninstalled Ad Aware and Spybot for starters. As for Vuze, I understand your concern; it is something I use very rarely (like 2 times in the last 12 months) and I will probably just delete it. Outside of that everything went well. I also uninstalled Windows Searchqu Toolbar. Below is the OTL log after I used the custom scan and run fix, then rebooted.

OTL logfile created on: 1/3/2012 11:22:55 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 69.76% Memory free
5.34 Gb Paging File | 4.36 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 68.35 Gb Free Space | 29.35% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 126.57 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

Computer Name: KEVINPC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 11:13:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/23 10:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
PRC - [2011/11/15 01:21:32 | 000,538,376 | ---- | M] () -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2011/11/15 01:21:32 | 000,263,944 | ---- | M] () -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2011/10/11 07:17:41 | 005,389,944 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2011/09/25 09:59:52 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/22 00:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2010/01/16 08:54:08 | 000,717,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/12/24 14:52:05 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/08/28 17:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/07/16 19:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/02 11:13:42 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/31 09:30:03 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/15 01:21:32 | 000,538,376 | ---- | M] () -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
MOD - [2011/11/15 01:21:32 | 000,263,944 | ---- | M] () -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe
MOD - [2011/09/25 09:59:52 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/22 00:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2011/07/13 10:36:02 | 000,795,448 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2011/07/13 10:36:02 | 000,347,944 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2011/07/13 10:36:02 | 000,313,640 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2011/07/13 10:36:00 | 000,716,584 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2011/07/13 10:36:00 | 000,509,720 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2011/07/13 10:36:00 | 000,225,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2011/07/13 10:36:00 | 000,083,768 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2011/07/13 10:36:00 | 000,031,528 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_xlib_.dll
MOD - [2011/07/13 10:35:58 | 004,534,072 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2011/07/13 10:35:58 | 000,203,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [1997/07/21 11:22:38 | 000,051,200 | ---- | M] () -- C:\WINDOWS\system32\dtmon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (aawservice)
SRV - [2011/11/15 01:21:32 | 000,538,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2011/11/15 01:21:32 | 000,263,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2011/09/25 09:59:48 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/29 11:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/05/24 22:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/12 10:09:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/24 14:52:05 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/19 07:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/02/08 02:27:17 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/02/08 02:27:17 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/02/08 02:27:17 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/02/08 02:27:17 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/02/08 02:24:01 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/08 02:23:24 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/08 02:23:21 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/02/08 02:23:17 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/24 14:52:05 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/11/16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/28 17:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/10/06 02:33:17] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/06/17 08:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 08:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 08:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 08:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 08:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/11 15:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/16 04:44:33 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/05/16 04:44:31 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/17 12:28:49 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/10/26 10:55:46 | 000,015,784 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007/10/26 10:55:44 | 000,162,344 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2007/09/19 16:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/05/14 22:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/11/10 05:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/11/02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2005/12/22 02:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBICP.sys -- (uisp)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.5.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.samenc.co...ls=VVoyyFmq&q="

FF - user.js..keyword.URL: "http://www.samenc.co...ls=VVoyyFmq&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 11:13:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 11:37:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/17 09:02:16 | 000,000,000 | ---D | M]

[2011/09/30 16:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2010/06/08 10:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions\[email protected]
[2010/09/05 19:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions\[email protected]
[2012/01/02 11:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions
[2010/05/02 03:42:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 11:00:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/18 04:49:54 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/01/17 13:02:03 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\[email protected]
[2011/11/29 10:14:15 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\extensions\[email protected]
[2011/11/29 10:14:16 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\bing-zugo.xml
[2010/08/25 13:49:04 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\daemon-search.xml
[2010/08/13 11:15:38 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\google-search.xml
[2011/09/02 16:33:17 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\l8vbe4d7.default\searchplugins\SearchResults.xml
[2012/01/02 11:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/02 13:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/02 13:41:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L8VBE4D7.DEFAULT\EXTENSIONS\[email protected]
[2012/01/02 11:13:44 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/22 16:07:33 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/09/30 16:35:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2010/08/13 11:15:38 | 000,002,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml
[2011/09/02 16:33:17 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/09 21:21:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/06 17:43:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\Twonky 7.0.lnk = C:\Program Files\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kevin\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01D72D47-0A7F-4369-BEA4-F3FA8A9323B1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B914B0DA-C527-486C-BA8C-959F09380036}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF0A41FF-2D19-42EC-B48E-ADC4ACBC95EB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 15:59:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 11:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Start Menu\Programs\CyberLink PowerDVD 8
[2012/01/03 11:05:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 12:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\VS Revo Group
[2012/01/02 11:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/01/02 11:35:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/01 15:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TwonkyServer
[2012/01/01 15:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\twonky
[2012/01/01 15:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\twonkyserver
[2012/01/01 15:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Start Menu\Programs\Twonky 7.0
[2012/01/01 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Twonky
[2011/12/30 16:15:20 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kevin\Desktop\aswMBR.exe
[2011/12/29 14:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\mkvtoolnix
[2011/12/27 17:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\.MakeMKV
[2011/12/23 10:22:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/12/17 10:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Virtual Dub New
[2011/12/17 04:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\SUPERAntiSpyware.com
[2011/12/17 04:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/17 04:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/17 04:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/16 05:45:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Recent
[2011/12/13 01:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/13 01:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/09 16:24:20 | 000,000,000 | ---D | C] -- C:\AEonish
[2011/12/09 00:56:48 | 000,000,000 | ---D | C] -- C:\AEonish HUB
[2008/07/27 14:55:25 | 000,033,792 | ---- | C] ( ) -- C:\Program Files\auxsetup.exe
[2008/07/27 14:55:25 | 000,031,232 | ---- | C] ( ) -- C:\Program Files\vdremote.dll
[2008/07/27 14:55:25 | 000,029,696 | ---- | C] ( ) -- C:\Program Files\vdicmdrv.dll
[2008/07/27 14:55:25 | 000,025,088 | ---- | C] ( ) -- C:\Program Files\vdsvrlnk.dll
[2008/07/27 14:55:25 | 000,008,704 | ---- | C] ( ) -- C:\Program Files\vdub.exe
[2008/02/04 04:01:24 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Kevin\Application Data\pcouffin.sys
[2 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/03 11:18:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C652DC1-DEEA-4606-AA07-30DA84A0DC89}.job
[2012/01/03 11:13:03 | 000,001,118 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2012/01/03 11:09:27 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/03 11:09:27 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2012/01/03 11:09:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2012/01/03 11:09:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/03 10:43:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/02 11:37:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/02 11:08:22 | 000,012,650 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/01 15:13:14 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\Twonky 7.0.lnk
[2012/01/01 15:13:14 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Twonky 7.0.lnk
[2012/01/01 03:00:15 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\DietPower 4.4 Updates.job
[2011/12/31 09:37:48 | 000,457,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/31 09:37:48 | 000,075,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/30 18:15:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\MBR.dat
[2011/12/30 16:14:27 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kevin\Desktop\aswMBR.exe
[2011/12/28 22:26:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/28 15:27:25 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mkvmerge GUI.lnk
[2011/12/26 12:09:48 | 000,012,303 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
[2011/12/26 12:09:48 | 000,000,121 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
[2011/12/25 16:49:22 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/24 15:26:07 | 000,001,184 | -H-- | M] () -- C:\Documents and Settings\Kevin\Application Data\vso_ts_preview.xml
[2011/12/23 10:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/12/22 15:12:55 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 17:34:33 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/12/19 17:34:33 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2011/12/17 15:45:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/17 04:02:31 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/13 11:45:39 | 000,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 01:23:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/09 00:56:01 | 020,499,377 | R--- | M] () -- C:\Documents and Settings\Kevin\Desktop\Æonish Hub.rar
[2 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 11:37:43 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/02 11:37:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/01 15:13:14 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\Twonky 7.0.lnk
[2012/01/01 15:13:14 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Twonky 7.0.lnk
[2011/12/30 18:15:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\MBR.dat
[2011/12/30 02:56:32 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\gmer.exe
[2011/12/17 04:02:31 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/13 01:23:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/09 00:58:36 | 020,499,377 | R--- | C] () -- C:\Documents and Settings\Kevin\Desktop\Æonish Hub.rar
[2011/12/08 17:22:49 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Aeonish Batch Rename.bat
[2011/11/29 10:15:25 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/11/20 05:11:12 | 000,728,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/28 13:52:32 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/25 19:01:07 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 11:02:42 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/07/02 11:02:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/07/02 11:02:26 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/07/02 11:02:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/07/02 11:01:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/07/02 10:58:20 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/06/23 14:08:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/16 04:51:20 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/16 04:51:17 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/16 04:51:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/31 00:21:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vqayi.dat
[2011/03/10 03:05:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/24 07:43:53 | 000,018,856 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\50VeHH3i3K
[2010/04/24 07:43:53 | 000,018,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\50VeHH3i3K
[2010/03/18 17:30:17 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/08 02:52:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/06 22:51:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/09/10 15:08:52 | 000,061,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/07 06:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/07 06:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/16 04:44:33 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/05/16 04:44:31 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/11/15 10:02:26 | 001,866,670 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/09/28 00:13:52 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2008/09/15 14:53:46 | 000,000,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/23 09:06:41 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/08/21 04:00:10 | 000,000,562 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\AutoGK.ini
[2008/08/21 03:59:27 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2008/08/18 13:44:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/16 21:36:06 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/08/09 07:08:16 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/08/03 10:37:42 | 000,000,323 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/07/27 14:55:37 | 000,000,178 | ---- | C] () -- C:\Program Files\VirtualDub.jobs
[2008/07/27 14:55:25 | 000,967,680 | ---- | C] () -- C:\Program Files\VirtualDub.exe
[2008/07/27 14:55:25 | 000,240,395 | ---- | C] () -- C:\Program Files\VirtualDub.chm
[2008/07/27 14:55:25 | 000,202,756 | ---- | C] () -- C:\Program Files\VirtualDub.vdi
[2008/07/27 14:55:25 | 000,018,321 | ---- | C] () -- C:\Program Files\copying
[2008/07/18 14:57:39 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\default.pls
[2008/07/08 11:31:55 | 000,001,184 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\vso_ts_preview.xml
[2008/06/23 12:43:22 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\faxman32.INI
[2008/06/23 12:41:29 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dtmon.dll
[2008/06/23 12:41:28 | 000,003,773 | ---- | C] () -- C:\WINDOWS\OEDEVKIT.INI
[2008/06/23 12:41:28 | 000,000,761 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2008/06/23 12:41:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WININI.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 10:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/05 09:53:24 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\avsfilter.dll
[2008/02/10 17:30:50 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/02/10 17:30:50 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/02/10 17:30:50 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/02/10 17:30:50 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/02/10 17:30:50 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/02/10 17:30:50 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/02/10 17:30:50 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/02/10 17:30:50 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/02/10 17:30:50 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/02/10 17:30:50 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/02/10 17:30:50 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/02/10 17:30:50 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/02/10 17:30:50 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/02/10 17:30:50 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/02/10 17:30:50 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/02/10 17:30:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/08 11:43:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/02/04 04:01:24 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\pcouffin.cat
[2008/02/04 04:01:24 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\pcouffin.inf
[2008/02/03 08:07:02 | 000,000,260 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/02 13:08:07 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/01 10:34:14 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/01/30 16:54:51 | 000,000,024 | -H-- | C] () -- C:\Documents and Settings\Kevin\Application Data\MyPhrases.dta
[2008/01/30 16:34:19 | 000,003,447 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/30 16:32:38 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/30 16:25:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/30 16:22:31 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/01/30 16:22:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/30 16:08:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/01/30 16:01:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/30 15:56:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/30 07:49:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/30 07:45:57 | 000,285,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/10 05:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/02/28 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 04:00:00 | 000,457,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 04:00:00 | 000,075,850 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/10/14 01:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 01:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 01:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 01:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 01:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/09/12 19:09:34 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AvsRecursion.dll
[2004/01/23 18:35:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/02/01 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/04/01 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011/09/02 16:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/12/02 14:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CustomPortal
[2010/08/25 13:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/06/08 10:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DietPower4.4
[2010/03/18 16:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2011/04/16 04:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2008/01/30 16:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/08/27 09:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/01/17 09:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/01 17:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2011/11/29 10:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/12/29 13:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/06/19 09:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/22 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2010/05/14 14:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/04/01 16:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2008/07/27 09:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2008/02/17 15:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/12/12 10:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/12/12 10:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2011/07/29 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/01/30 16:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/04/03 01:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/05/16 04:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2011/12/16 05:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/26 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/01/01 15:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\twonky
[2012/01/03 11:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\twonkyserver
[2010/11/10 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/09/14 05:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/11/29 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2011/07/02 11:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/03/12 00:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/31 11:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 11:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/01 03:00:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E10FF271-9F2D-4C0C-8608-58B0522700B4}
[2010/08/12 00:37:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\4Media
[2008/01/30 16:55:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Acoustica
[2011/06/13 15:28:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Amazon
[2010/02/07 12:21:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\AnvSoft
[2008/08/24 13:31:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\Any Video Converter
[2008/07/09 17:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Auslogics
[2010/02/06 16:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\avidemux
[2012/01/01 05:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Azureus
[2011/09/02 16:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Bandoo
[2009/11/13 22:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Blitware
[2009/01/25 03:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools
[2009/05/16 02:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Lite
[2009/01/25 03:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Pro
[2011/11/05 16:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Digiarty
[2010/02/21 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DVD Profiler
[2011/12/01 17:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2008/09/13 06:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\GeoVid
[2008/02/23 00:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Grisoft
[2010/02/06 16:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\gtk-2.0
[2011/10/19 08:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\HandBrake
[2008/02/02 07:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ImgBurn
[2011/06/19 09:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2008/07/13 04:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\iWin
[2008/09/17 13:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2008/02/03 04:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\LEAPS
[2008/04/01 16:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Locktime
[2011/12/29 14:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mkvtoolnix
[2010/02/16 01:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Movie Label
[2008/07/27 09:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\NewsLeecher
[2008/05/23 18:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Notepad++
[2009/08/29 22:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Octoshape
[2011/08/27 14:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\OpenCandy
[2009/01/07 16:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Opera
[2009/12/25 03:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Pegasys Inc
[2011/07/02 11:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ScanSoft
[2009/12/24 15:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SearchmeToolbar
[2009/03/14 02:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SmartDraw
[2011/03/16 16:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Sony Online Entertainment
[2011/06/24 15:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SystemRequirementsLab
[2011/11/12 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ThumbGen
[2008/07/26 08:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TuneUp Software
[2012/01/03 11:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TwonkyServer
[2008/02/02 00:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TypingMaster7
[2010/11/10 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Ubisoft
[2011/06/13 14:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Unity
[2010/06/04 11:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Utherverse
[2011/11/20 12:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\uTorrent
[2008/09/06 11:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ValuSoft
[2009/03/08 05:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\VidaOne
[2010/06/08 10:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Vivox
[2011/12/24 15:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Vso
[2008/11/08 07:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Desktop Search
[2008/11/08 18:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Windows Search
[2011/11/29 12:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Xilisoft
[2010/02/07 11:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Xilisoft Corporation
[2011/07/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Zeon
[2012/01/03 11:09:27 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2012/01/01 03:00:15 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\DietPower 4.4 Updates.job
[2012/01/03 11:18:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C652DC1-DEEA-4606-AA07-30DA84A0DC89}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55DB0DDA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25C0BB42

< End of report >

#8
havredave

  • GeekU Moderator
  • 1,689 posts
Looks reasonable so far. Any performance change yet?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Next, please update your installed ESET antivirus, and perform a full scan with it; also include that in a reply if you would. I can find instructions for this as well if you need them.

#9
Kevin Smith

    New Member

  • Topic Starter
  • Member
  • 9 posts
Things are running faster and better. I will follow the next bit of instructions; I already have Malwarebytes Anti-Malware, so I am just updating and running it now. I will do the same with ESET.

#10
Kevin Smith

    New Member

  • Topic Starter
  • Member
  • 9 posts
Computer running much better. Below are the results of the last two scans you suggested.


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kevin :: KEVINPC [administrator]

1/3/2012 12:16:51 PM
mbam-log-2012-01-03 (12-16-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193362
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET SCAN LOG.txt

Scan Log
Version of virus signature database: 6765 (20120103)
Date: 1/3/2012 Time: 1:49:02 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs4.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs5.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonDialogs5.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\jZipToolbar.zip » ZIP » {1FD91A9C-410C-4090-BBCC-55D3450EF433} - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\jZipToolbar.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\jZipToolbar1.zip » ZIP » {1FD91A9C-410C-4090-BBCC-55D3450EF433} - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\jZipToolbar1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO4.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO5.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO5.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO6.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NebulerBHO6.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\Kevin\Application Data\OpenCandy\OpenCandy_FC7ABA4B82134963AFA35081BA1095DE\SC3Unlimited_p2v0.exe » NSIS » SC3Unlimited.msi - archive damaged - the file could not be extracted.
Number of scanned objects: 138608
Number of threats found: 0
Time of completion: 2:13:02 PM Total scanning time: 1440 sec (00:24:00)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
  • 0

#11
havredave

    GeekU Moderator

  • 1,689 posts
Good to hear things are running better. Your logs look good, other than the chaff found in the ESET scan, which is of no performance or infection import.

I would suggest clearing up just a little bit more, then calling it good.

Since you removed Spybot S&D already, we can do this:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Files
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    
    :Commands
    [emptytemp]
    [createrestorepoint]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the PC when it is done.


After the OTL run is finished, please use the machine for a good 24 hours and report back with any oddities you may have noticed. If everything is good, I think I can help you clean up the software and backups we did, then turn you loose. :)
  • 0
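Post #11 treats the ESET entries as chaff because every one is an unpacking note rather than a detection. The sketch below is an added example, not part of the thread or of any ESET tool: it sorts entries in this log format into benign note categories and flags anything else for manual review. The function names, category labels and allowlist are assumptions built from the notes seen in this thread's log, and the sample is a short selection of lines in that format.

```python
import re
from collections import Counter

# Scanner notes seen in this thread's log. Each one means the engine could not
# unpack something; none of them is a detection. Categories are this example's own.
BENIGN_NOTES = {
    "error - password-protected file": "encrypted",
    "Incorrect file checksum (CRC); the file is probably password protected.": "encrypted",
    "archive damaged - the file could not be extracted.": "damaged",
    "archive damaged": "damaged",
    "bad archive": "damaged",
    "next archive volume not found": "incomplete",
}
ENTRY = re.compile(r"^[A-Za-z]:\\")                      # entries start with a drive path
THREATS = re.compile(r"^Number of threats found:\s*(\d+)")


def parse_entry(line):
    """Split one log entry into its archive chain, inner member and note."""
    line = line.strip()
    # Longest note first, so the long "archive damaged - ..." form wins over the short one.
    for note in sorted(BENIGN_NOTES, key=len, reverse=True):
        if line.endswith("- " + note):
            target, kind = line[: -(len(note) + 2)], BENIGN_NOTES[note]
            break
    else:
        # Unknown note: split the last chain segment at its first " - ".
        # (A member name that itself contains " - " would be cut short here.)
        head, sep, tail = line.rpartition("»")
        member, _, note = tail.partition(" - ")
        target, kind, note = head + sep + member, "review", note.strip()
    parts = [p for p in re.split(r"\s*»\s*", target.strip()) if p]
    return {
        "container": parts[0],                 # the file that actually sits on disk
        "formats": parts[1::2],                # ZIP, RAR, NSIS, CAB ... nesting order
        "member": parts[-1] if len(parts) > 1 and len(parts) % 2 else None,
        "note": note,
        "kind": kind,
    }


def triage(log_text):
    """Summarise a scan log and say whether it contains only unpacking chaff."""
    kinds, containers, review, reported = Counter(), Counter(), [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = THREATS.match(line)
        if m:
            reported = int(m.group(1))
        elif ENTRY.match(line):
            entry = parse_entry(line)
            kinds[entry["kind"]] += 1
            containers[entry["container"]] += 1
            if entry["kind"] == "review":
                review.append(entry)
    return {
        "kinds": dict(kinds),
        "containers": containers,
        "review": review,
        "threats_reported": reported,
        # Chaff only if the scanner's own total is 0 AND no entry fell outside the allowlist.
        "chaff_only": reported == 0 and not review,
    }


# Short selection of entries in the format of the log in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\XKG0WYNO\install_reader10_en_air_gtbd_aih[1].exe » ZIP » images/bgBody.png - error - password-protected file
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\XKG0WYNO\install_reader10_en_air_gtbd_aih[1].exe » ZIP » _host/app.js - error - password-protected file
C:\Documents and Settings\Kevin\My Documents\Downloads\jre-6u30-windows-i586-iftw.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Documents and Settings\Kevin\My Documents\Downloads\rpc412.zip » ZIP » rpc412_setup.exe » NSIS » example1.rar » RAR » example1.txt - Incorrect file checksum (CRC); the file is probably password protected.
C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe » NSIS - archive damaged
C:\WINDOWS\system32\wextract.exe » SWEXTRACT » - bad archive
C:\WINDOWS\SoftwareDistribution\Download\af7613167140620cc20f47965658bb36\BITA.tmp » CAB » NvCplSetupEng.exe - next archive volume not found
Number of scanned objects: 138608
Number of threats found: 0
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["kinds"], "chaff only:", result["chaff_only"])
    for path, count in result["containers"].most_common(3):
        print(f"{count:3d}  {path}")
```

An entry whose note is not in the allowlist lands in `review` and turns `chaff_only` false, so a new note type is never silently counted as harmless.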

#12
Kevin Smith

    New Member

  • Topic Starter
  • Member
  • 9 posts
I followed your last instructions and my computer is running much better than it had before. Programs load much quicker (although I know I need to remove some), but I am extremely pleased with the way that it is handling now. Whenever you have a free moment just let me know what I need to do to clean up the software and backups, and I guess cut me loose.

Thank you so much in advance.
  • 0

#13
havredave

    GeekU Moderator

  • 1,689 posts
Great news :)

First, please delete aswMBR.exe. If it's needed in the future, a helper will direct you to download a fresh copy, since the utility changes versions rather often.

Next, please open OTL.exe again, and click the CleanUp button. It'll remove OTL.exe, the OTL backup folder, and reboot the machine.


Now that your computer appears to be clean, there are some steps you can take to help keep it clean.

Create a new restore point.
  • Why: We want to be able to restore to a known-good clean spot in the computer's history, and that would be right now, so let's take a snapshot.
  • How: Follow the instructions below depending on the version of Windows that you have.
  • Windows ME: Click Start -> Programs -> Accessories -> System Tools -> System Restore. Tick the "Create a restore point" radio button, and press next. Give it a good name, like Geeks-cleaned, and click "Create". All done!
  • Windows XP: Start -> Help and Support Center -> "Undo changes to your computer with System Restore". Tick the "Create a restore point" radio button, and press next. Give it a good name and click "Create", as above.
  • Windows Vista and Windows 7: Right-click your "My Computer" or "Computer" link on your start menu. Choose properties from the menu that appears. On the left-hand side of the window that comes up, click "System Protection", then click the "Create" button, and give your new restore point a name, as above.
Keep temporary files cleaned out.
  • Why: This can not only help your machine run a bit faster with less clutter, but potentially clean out infected files before you even know they're there.
  • How: The easiest method for just about everyone to use is Windows' Disk Cleanup. This can be found by clicking Start and choosing Run in Windows XP/2000, or simply typing into the search box on Vista and Windows 7, and entering "cleanmgr" (without the quotes). It really is quite easy to use. The defaults should be fine.
Keep software up to date.
  • Why: Exploitable issues in software are found all the time, especially in network-aware software such as Windows itself, or your web browser and its addons.
  • How: For a normal user, there are a few programs I pay special attention to confirming that they're up to date: Adobe Reader, Adobe Flash, and Java, and of course Windows itself. To this list, add your antivirus and antispyware products, and your firewall product. For your antivirus, antispyware and firewall products, see the manufacturer documentation for the software in question. Typically you'll find an update feature under the help or tools pulldowns, or on a button somewhere on the software's interface. If you just can't figure out how to update one or more products, just ask - I'd be happy to help; let me know specifically what software it is and what version you have, and I'll try to provide clear instructions.
  • Adobe Reader: Start up Adobe Reader, click the Help pull-down, and choose "Check for Updates". Follow on-screen instructions to install any updates if applicable. Repeat this after each update until it tells you there are no updates available.
  • Adobe Flash: Follow the instructions here. Once you are finished, go here to download and install the newest version.
  • Java: Open your control panel (on the start menu) and find the Java icon. Depending on your control panel configuration and Windows version, this might be obvious, or it might be hidden a bit. You can click the "Programs" link on Vista and 7 to find it, or "Switch to Classic View" in the upper left corner in Windows XP (granted you're not already using classic view). If you can't find Java in any of those places, it's entirely possible you don't have it installed. That's fine; if it is installed, it needs to be up to date. If it's not installed, ignore this step. There is a caveat here: If you run certain programs that require Java, you might find that they won't work with the newest version. If you do run into this situation, contact the software manufacturer and ask them what the newest version of Java is that their software supports, and where to obtain it.
  • Windows: On your start menu, under All Programs or Programs depending on your version, you'll find either Windows Update or Microsoft Update at the top of the menu. Click here and follow the instructions to install the high priority updates that are available. Optional updates are just that; you can install them, but you don't have to in most situations. Repeat this process until no further high priority updates are available.
Clear possibly infected restore points
  • Why: Having the ability to restore your system is a great thing, as long as you're not restoring an infection!
  • How: The most simple way to do this is to utilize Disk Cleanup, detailed above in the "Keep temporary files cleaned out" step. Simply click on the "More Options" tab, and use the system restore clean up button. This works with all versions of Windows that had system restore; namely, Windows ME and later. This will remove all but the most recent restore point on the system (that we created earlier), which is what we're after.
Defragment
  • Why: Defragmenting your files helps your hard drive access them faster, and in as few sweeps of the read head as possible, reducing drive wear and tear.
  • How: Using the built-in Windows Disk Defragmenter is one safe option, found in Start -> All Programs -> Accessories -> System Tools. I would do this once a month unless the system is heavily used, then perhaps weekly.

There's also a good article here that goes into a few other details.

Happy computing!
  • 0

#14
Kevin Smith

    New Member

  • Topic Starter
  • Member
  • 9 posts
Will do, thank you for everything. :thumbsup:
  • 0

#15
havredave

    GeekU Moderator

  • 1,689 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





