1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved very slow download

Discussion in 'Malware and Virus Removal Archive' started by dispatch trophy, 2011/12/01.

Page 1 of 2
  1. 2011/12/01
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    [Resolved] very slow download

    I am not sure I have an infection. My downloads are impossibly slow since I did a system recovery.

    I attempted to download the microsoft anti-virus scanner but when it opened it disappeared. I search the file name mse... but could not find it in downloads, programs, common files or anywhere.

    When I attempted to download avira, it took 17 minutes to download 4%, meaning it would take 7 hours to download the file.

    The same thing occurred with malwarebytes. I had been regularly scanning with malwarebytes and avast just before doing my system recovery and no infections were found.

    I was able to do the other scans.

    Here is the GMER scan of C drive:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-01 03:50:52
    Windows 5.1.2600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_4D080H4 rev.DAH017K0
    Running: txcs2s9x.exe; Driver: C:\DOCUME~1\USERAC~1\LOCALS~1\Temp\kfacrkog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Trend pre-filter for XP/TrendMicro)
    AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Trend pre-filter for XP/TrendMicro)

    ---- EOF - GMER 1.0.15 ----
    ++++++++++++++++++++++++++++++++++++

    Here is the GMER scan of D drive:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-01 03:56:52
    Windows 5.1.2600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_4D080H4 rev.DAH017K0
    Running: txcs2s9x.exe; Driver: C:\DOCUME~1\USERAC~1\LOCALS~1\Temp\kfacrkog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Trend pre-filter for XP/TrendMicro)
    AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Trend pre-filter for XP/TrendMicro)

    ---- EOF - GMER 1.0.15 ----
    ++++++++++++++++++++++++++++++++++++++++

    Here is the MBR log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-01 07:36:48
    -----------------------------
    07:36:48.968 OS Version: Windows 5.1.2600
    07:36:48.968 Number of processors: 1 586 0x102
    07:36:48.983 ComputerName: VALUED-7B9600FA UserName: user account
    07:36:49.889 Initialize success
    07:37:31.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    07:37:31.468 Disk 0 Vendor: Maxtor_4D080H4 DAH017K0 Size: 78167MB BusType: 3
    07:37:31.468 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000058
    07:37:31.468 Disk 1 Vendor: Sony 0000 Size: 78167MB BusType: 0
    07:37:31.514 Disk 0 MBR read successfully
    07:37:31.514 Disk 0 MBR scan
    07:37:31.514 Disk 0 Windows XP default MBR code
    07:37:31.546 Disk 0 scanning sectors +160071660
    07:37:31.733 Disk 0 scanning C:\WINDOWS\System32\drivers
    07:37:53.436 Service scanning
    07:37:56.718 Modules scanning
    07:38:25.874 Disk 0 trace - called modules:
    07:38:25.905 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
    07:38:25.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81f49b48]
    07:38:26.405 3 CLASSPNP.SYS[f85a5ceb] -> nt!IofCallDriver -> \Device\00000051[0x81f73f18]
    07:38:26.405 5 ACPI.sys[f84ee11b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81f72940]
    07:38:26.405 Scan finished successfully
    07:38:56.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user account\Desktop\MBR.dat "
    07:38:56.968 The log file has been saved successfully to "C:\Documents and Settings\user account\Desktop\aswMBR.txt "

    ++++++++++++++++++++++++++++++++++++++++++++++++
     
    dispatch trophy,
    #1
  2. 2011/12/01
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    DDS scan:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2600.0000
    Run by user account at 7:46:47 on 2011-12-01
    Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.512.230 [GMT -8:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\AiO\hp officejet v series\Bin\hpoant07.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    D:\AiO\hp officejet v series\FRU\Remind32.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
    D:\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\System32\hpoipm07.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
    c:\progra~1\Support.com\client\bin\tgcmd.exe
    D:\AiO\Shared\bin\hpOSTS07.exe
    D:\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
    C:\Downloads\txcs2s9x.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sony.com/vaiopeople
    uLocal Page = hxxp://www.sony.com/vaiopeople
    uSearch Page = hxxp://www.msn.com
    uSearch Bar = hxxp://www.msn.com
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    uInternet Settings,ProxyOverride = 127.0.0.1
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: CheckHO Class: {576eb0ad-6980-11d5-a9cd-0001032fee17} - c:\program files\yahoo!\common\ycheckh.dll
    EB: http://www.sony.com/vaiopeople: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
    mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    mRun: [Pop3trap.exe] "c:\program files\trend micro\pc-cillin 2000\Pop3trap.exe "
    mRun: [WebTrapNT.exe] "c:\program files\trend micro\pc-cillin 2000\WebTrapNT.exe "
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    StartupFolder: c:\docume~1\userac~1\startm~1\programs\startup\hewlet~1.lnk - d:\aio\hp officejet v series\fru\Remind32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - d:\aio\hp officejet v series\bin\hpoant07.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\real-t~1.lnk - c:\windows\installer\{a839294b-70a9-11d5-9f5a-0050dad742cd}\_106B5A0.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vaioac~1.lnk - c:\program files\sony\vaio action setup\VAServ.exe
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{DB6DB53C-CC9A-49DE-AC6D-62A5F9FBDEAB} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-19 12032]
    R2 tmfilter;tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2001-8-1 148192]
    R2 Tmntsrv;Trend NT Realtime Service;c:\program files\trend micro\pc-cillin 2000\TMNTSRV.EXE [2001-12-18 121856]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2001-8-1 16064]
    R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2011-11-30 7196]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
    .
    =============== Created Last 30 ================
    .
    2011-12-01 11:12:25 -------- d-----w- C:\Downloads
    2011-12-01 10:35:10 -------- d-s---w- c:\documents and settings\user account\UserData
    2011-12-01 00:37:33 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-12-01 00:37:12 -------- d-----w- c:\windows\ShellNew
    2011-12-01 00:36:15 -------- d-----w- c:\program files\common files\L&H
    2011-12-01 00:28:55 -------- d-----w- c:\program files\Microsoft Works Suite 2003
    2011-12-01 00:16:49 21760 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-11-30 23:57:40 90112 ----a-r- c:\windows\system32\hpocon09.exe
    2011-11-30 23:57:39 22139 ----a-r- c:\windows\system32\hpocoi08.dll
    2011-11-30 23:57:24 38912 ----a-r- c:\windows\system32\hh.exe
    2011-11-30 23:52:53 -------- d-----w- c:\windows\AiOTemp
    2011-11-30 23:12:21 7196 ----a-w- c:\windows\system32\drivers\V7.SYS
    2011-11-30 23:12:21 67584 ----a-w- c:\windows\system32\macrovsn.dll
    2011-11-30 23:12:21 4096 ----a-w- c:\windows\system32\getregn.exe
    2011-11-30 23:12:21 208896 ----a-w- c:\windows\system32\DVDRGCTL.dll
    2011-11-30 23:12:21 193536 ----a-w- c:\windows\system32\AllNode.DLL
    2011-11-30 23:12:21 17920 ----a-w- c:\windows\system32\MMDVDROM.dll
    2011-11-30 23:12:21 146432 ----a-w- c:\windows\system32\Mmac3.dll
    2011-11-30 23:12:21 -------- d-----w- c:\program files\Mediamatics
    2011-11-30 23:09:43 -------- d-----w- C:\ucd
    2011-11-30 23:05:49 13824 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-11-30 23:05:49 13824 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-11-30 23:00:24 -------- d-s---w- c:\windows\system32\Microsoft
    2011-11-30 22:39:30 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
    2011-11-30 22:39:27 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
    2011-11-30 22:39:27 324608 ----a-w- c:\windows\system32\hpojwia.dll
    2011-11-30 22:39:22 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
    2011-11-30 22:39:22 205056 ----a-w- c:\windows\system32\drivers\Dot4.sys
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 7:47:15.13 ===============

    +++++++++++++++++++++++

    Attach scan:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/30/2011 7:00:29 AM
    System Uptime: 11/30/2011 8:13:35 AM (23 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P4B266LM
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | mPGA 478 | 1816/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 28 GiB total, 23.766 GiB free.
    D: is FIXED (NTFS) - 48 GiB total, 48.021 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 11/30/2011 3:00:33 PM - System Checkpoint
    RP2: 11/30/2011 3:54:25 PM - Installed hp officejet v series
    RP3: 11/30/2011 4:29:20 PM - Installed Works Suite OS Pack
    RP4: 11/30/2011 4:29:48 PM - Installed Microsoft Works 7.0
    RP5: 11/30/2011 4:35:54 PM - Installed Microsoft Word 2002
    RP6: 11/30/2011 4:49:55 PM - Installed Microsoft Works Suite Add-in for Microsoft Word
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 5.0
    DigitalPrint 1.1
    DVDExpress
    Experience VAIO
    hp instant support
    hp officejet v series
    HP Share-to-Web
    ImageStation
    ImageStation Demo
    Media Bar 3.2.12
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    Motion JPEG Software Decoder
    Music Visualizer Library 1.2
    NVIDIA Windows 2000/XP Display Drivers
    OpenMG Secure Module 3.0.01
    PC-cillin 2000
    PhotoPrinter 2000 Pro
    PicoPlayer
    PicoPlayer Demo
    PicoPlayerSplashScreen
    PictureGear 5.1
    Quicken 2002 New User Edition
    QuickTime
    RealJukebox
    RealPlayer Basic
    Smart Capture
    SonicStage 1.1.00
    SonicStage CD-R Writing Module
    Sony Certificate PCH
    Sony DV Shared Library
    Sony on Yahoo! Essentials
    Support Actions Win2K,WinXP
    TheWorld Browser 2.4 Final (2.4.1.2)
    VAIO Action Setup
    VAIO Brezza Wallpaper
    VAIO Grid Wallpaper
    VAIO Help & Support
    VAIO Registration
    VAIO Serenus Wallpaper
    VAIO Support
    VisualFlow 2.1
    WebFldrs XP
    Windows XP Hotfix (SP1) [See Q307271 for more information]
    Windows XP Hotfix (SP1) [See Q308677 for more information]
    Windows XP Hotfix (SP1) [See Q311889 for more information]
    Windows XP Hotfix (SP1) [See Q312368 for more information]
    Works Suite OS Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/30/2011 7:51:38 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    11/30/2011 7:37:24 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    .
    ==== End Of File ===========================
     
    dispatch trophy,
    #2


  3. to hide this advert.

  4. 2011/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #3
  5. 2011/12/03
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    MALWARE BYTES REPORT

    Posters note: this scan was done after the gmer and dds scans were done because at the time downloading malware bytes would have taken 7 hours.

    I have since put in a new dsl modem that has improved internet performance.

    This scan was also done after an avast scan was done, which reported one virus and some corrupted cab files.
    ++++++++++++++++++++++++++++++++++++

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8295

    Windows 5.1.2600
    Internet Explorer 6.0.2600.0000

    12/3/2011 12:54:50 AM
    mbam-log-2011-12-03 (00-54-49).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 189857
    Time elapsed: 1 hour(s), 0 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    dispatch trophy,
    #4
  6. 2011/12/03
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    threat BV: SilentFormat-A

    BV:SilentFormat-A detected by Avast Dec 2. Action: Deleted.

    Virus found in C:\Program Files\Trend Micro\PC- cillin\COMMON.VIR

    Latest aswBoot report:

    12/02/2011 10:01
    Scan of all local drives

    File

    C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc1.

    tw!|>vcredist_x86.exe|>.\.\.\.\vc_red.cab|>F_CENTRAL_msvcr100

    _x86 Error 42127 {CAB archive is corrupted.}
    File

    C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc1.

    tw!|>vcredist_x86.exe|>.\.\.\.\vc_red.cab Error 42127 {CAB

    archive is corrupted.}
    File

    C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc1.

    tw!|>vcredist_x86.exe Error 42126 {RAR archive is corrupted.}
    Number of searched folders: 4440
    Number of tested files: 158923
    Number of infected files: 0
     
    dispatch trophy,
    #5
  7. 2011/12/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Possibly that was it but go ahead with Combofix to make sure nothing is hiding there.
     
    broni,
    #6
  8. 2011/12/03
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    I do not think the modem was the only problem.

    I think my system recovery created a lot of problems, but the computer was hanging a lot before that, which is why I decided on the system recovery.

    After recovery, I learned that I lost the Service Packs, and Windows will not allow new downloads.

    I am having a lot of freezing and aborted operations with "error" messages.

    Also,----- I downloaded a windows antivirus called MSE (Microsoft Security Essentials from the list on this site) but the file just unzipped itself and disappeared. I don't know where the file is to run. So I don't know if it is activated. You have stated in your instructions for Combifix that I should disable it. It is not listed in Add/Remove Programs. When I do a search, I can find the executable (mseinstal.exe) but not the program.

    Should I just run Combifix anyway?
     
    dispatch trophy,
    #7
  9. 2011/12/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, go ahead.
     
    broni,
    #8
  10. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    COMBOFIX.TXT SCAN:

    (I set avast to re-activate after a restart. I did not realized Combofix would scan after restarting Windows, so avast is shown as running during the Combofix scan.)


    ComboFix 11-12-04.01 - user account 12/03/2011 21:42:04.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.512.286 [GMT -8:00]
    Running from: c:\documents and settings\user account\My Documents\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Owner\WINDOWS
    c:\documents and settings\user account\WINDOWS
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\tsoc.log
    .
    Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
    Restored copy from - c:\windows\LastGood\System32\qmgr.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-04 05:15 . 2011-12-04 05:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-03 23:08 . 2001-08-24 02:58 266240 ----a-w- c:\windows\system32\ippsrw711.dll
    2011-12-03 23:08 . 2001-08-24 02:58 1589248 ----a-w- c:\windows\system32\ippsw711.dll
    2011-12-03 23:08 . 2001-08-24 02:58 159744 ----a-w- c:\windows\system32\ippjw711.dll
    2011-12-03 23:08 . 2001-08-24 02:58 77824 ----a-w- c:\windows\system32\ippsr11.dll
    2011-12-03 23:08 . 2001-08-24 02:58 176128 ----a-w- c:\windows\system32\ipps11.dll
    2011-12-03 23:08 . 2001-08-24 02:58 65536 ----a-w- c:\windows\system32\ippj11.dll
    2011-12-03 23:08 . 2001-08-24 02:58 2592768 ----a-w- c:\windows\system32\ippiw711.dll
    2011-12-03 23:08 . 2001-08-24 02:58 466944 ----a-w- c:\windows\system32\ippcvw711.dll
    2011-12-03 23:08 . 2001-08-24 02:58 94208 ----a-w- c:\windows\system32\ippcv11.dll
    2011-12-03 23:08 . 2001-08-24 02:58 225280 ----a-w- c:\windows\system32\ippi11.dll
    2011-12-03 23:08 . 2001-03-11 01:56 40960 ----a-w- c:\windows\system32\IPPCPUID.DLL
    2011-12-03 23:07 . 2011-12-03 23:07 -------- d-----w- c:\program files\PDFDrvSetup
    2011-12-03 23:07 . 2005-06-30 21:55 45056 ----a-w- c:\program files\WriteDriver2Pdf.dll
    2011-12-03 23:05 . 2005-07-26 02:02 36864 ----a-w- c:\program files\fiopct32.dll
    2011-12-03 23:04 . 2003-05-23 00:12 28672 ----a-w- c:\program files\foldrlnk.dll
    2011-12-03 23:02 . 2005-04-04 07:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-12-03 23:02 . 2005-04-04 06:57 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2011-12-03 23:02 . 2005-04-04 07:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-12-03 23:02 . 2005-04-04 07:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-12-03 23:02 . 2005-04-04 06:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-12-03 23:02 . 2005-04-04 07:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-12-03 23:02 . 2011-12-03 23:02 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-12-03 23:02 . 2011-12-03 23:02 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2011-12-03 23:01 . 2011-12-03 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2011-12-03 23:01 . 2011-12-03 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2011-12-03 23:01 . 2011-12-03 23:01 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
    2011-12-03 23:00 . 2011-12-03 23:00 -------- d-----w- c:\program files\ScanSoft
    2011-12-03 22:56 . 2011-12-03 22:56 -------- d-----w- c:\program files\Common Files\CANON
    2011-12-03 22:53 . 2011-12-03 22:53 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2011-12-03 22:53 . 2011-12-04 00:25 -------- d-----w- c:\program files\Canon
    2011-12-03 07:38 . 2011-12-03 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-03 07:38 . 2011-09-01 01:00 20552 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-03 07:38 . 2011-12-03 07:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-02 19:14 . 2011-12-03 15:20 -------- d-----w- c:\windows\LastGood
    2011-12-02 11:18 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-12-02 11:18 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-12-02 11:18 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-12-02 11:18 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-12-02 11:18 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-12-02 11:18 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-12-02 11:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2011-12-02 11:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-12-02 11:16 . 2011-12-02 11:16 -------- d-----w- c:\program files\AVAST Software
    2011-12-02 11:16 . 2011-12-02 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-12-02 08:44 . 2011-12-02 08:44 1409 ----a-w- c:\windows\QTFont.for
    2011-12-02 03:56 . 2011-12-02 03:56 -------- d-----w- c:\program files\verizontb
    2011-12-02 03:51 . 2011-12-02 03:57 -------- d-----w- c:\program files\Verizon
    2011-12-01 13:44 . 2011-12-01 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
    2011-12-01 11:12 . 2011-12-01 12:56 -------- d-----w- C:\Downloads
    2011-12-01 00:37 . 2011-12-01 00:37 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-12-01 00:37 . 2011-12-01 00:37 -------- d-----w- c:\windows\ShellNew
    2011-12-01 00:36 . 2011-12-01 00:36 -------- d-----w- c:\program files\Common Files\L&H
    2011-12-01 00:29 . 2011-12-01 00:49 -------- d-----w- c:\program files\Microsoft Works
    2011-12-01 00:28 . 2011-12-01 00:28 -------- d-----w- c:\program files\Microsoft Works Suite 2003
    2011-12-01 00:16 . 2001-08-17 22:03 21760 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-11-30 23:57 . 2002-04-09 23:29 90112 ----a-r- c:\windows\system32\hpocon09.exe
    2011-11-30 23:57 . 2002-04-09 23:34 22139 ----a-r- c:\windows\system32\hpocoi08.dll
    2011-11-30 23:57 . 2001-09-13 23:52 38912 ----a-r- c:\windows\system32\hh.exe
    2011-11-30 23:56 . 2011-11-30 23:56 -------- d-----w- c:\program files\Hewlett-Packard
    2011-11-30 23:52 . 2011-11-30 23:56 -------- d-----w- c:\windows\AiOTemp
    2011-11-30 23:12 . 2011-11-30 23:12 -------- d-----w- c:\program files\Mediamatics
    2011-11-30 23:12 . 2001-08-28 21:32 193536 ----a-w- c:\windows\system32\AllNode.DLL
    2011-11-30 23:12 . 2000-03-09 19:24 7196 ----a-w- c:\windows\system32\drivers\V7.SYS
    2011-11-30 23:12 . 2000-02-29 16:13 67584 ----a-w- c:\windows\system32\macrovsn.dll
    2011-11-30 23:12 . 1999-07-19 17:23 17920 ----a-w- c:\windows\system32\MMDVDROM.dll
    2011-11-30 23:12 . 1999-06-16 17:38 4096 ----a-w- c:\windows\system32\getregn.exe
    2011-11-30 23:12 . 1999-06-02 17:37 146432 ----a-w- c:\windows\system32\Mmac3.dll
    2011-11-30 23:12 . 1999-05-12 17:05 208896 ----a-w- c:\windows\system32\DVDRGCTL.dll
    2011-11-30 23:09 . 2011-11-30 23:10 -------- d-----w- C:\ucd
    2011-11-30 23:05 . 2001-08-17 21:53 13824 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-11-30 23:05 . 2001-08-17 21:53 13824 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-11-30 23:01 . 2011-12-04 05:49 -------- d-----w- c:\documents and settings\user account
    2011-11-30 23:00 . 2001-12-14 22:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Sony Corporation
    2011-11-30 23:00 . 2001-12-14 22:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InterTrust
    2011-11-30 23:00 . 2001-12-14 20:45 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
    2011-11-30 23:00 . 2011-11-30 23:00 -------- d-s---w- c:\windows\system32\Microsoft
    2011-11-30 22:39 . 2001-08-17 21:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
    2011-11-30 22:39 . 2001-08-18 06:36 324608 ----a-w- c:\windows\system32\hpojwia.dll
    2011-11-30 22:39 . 2001-08-17 21:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
    2011-11-30 22:39 . 2001-08-17 21:47 205056 ----a-w- c:\windows\system32\drivers\Dot4.sys
    2011-11-30 22:39 . 2001-08-17 21:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f8d96645-337c-419b-8792-b6c126145811} "= "c:\program files\verizontb\verizonDx.dll" [2011-04-29 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
    2011-04-29 19:56 262312 ----a-w- c:\program files\verizontb\auxi\verizonAu.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
    2011-04-29 19:56 86696 ----a-w- c:\program files\verizontb\verizonDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{f8d96645-337c-419b-8792-b6c126145811} "= "c:\program files\verizontb\verizonDx.dll" [2011-04-29 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "NvQTwk" [X]
    "ZTgServerSwitch "= "c:\program files\support.com\client\lserver\server.vbs" [2001-04-26 2220]
    "Share-to-Web Namespace Daemon "= "c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "OpwareSE4 "= "c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
    "WrtMon.exe "= "c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
    .
    c:\documents and settings\user account\Start Menu\Programs\Startup\
    Hewlett-Packard Recorder.lnk - d:\aio\hp officejet v series\FRU\Remind32.exe [2000-8-23 67584]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HPAiODevice(hp officejet v series) - 1.lnk - d:\aio\hp officejet v series\Bin\hpoant07.exe [2002-4-25 487487]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    VAIO Action Setup (Server).lnk - c:\program files\Sony\VAIO Action Setup\VAServ.exe [2001-12-19 40960]
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/2/2011 3:18 AM 314456]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/2/2011 11:38 PM 366152]
    R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/19/2001 6:18 AM 12032]
    R2 V7;V7;c:\windows\system32\drivers\V7.SYS [11/30/2011 3:12 PM 7196]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/2/2011 11:38 PM 20552]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 4:55 PM 54271]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 11:26 AM 593000]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-30 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\System32\OOBE\oobebaln.exe [2001-12-14 12:00]
    .
    2011-11-30 c:\windows\Tasks\Registration reminder 2.job
    - c:\windows\System32\OOBE\oobebaln.exe [2001-12-14 12:00]
    .
    2011-11-30 c:\windows\Tasks\Registration reminder 3.job
    - c:\windows\System32\OOBE\oobebaln.exe [2001-12-14 12:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
    uLocal Page = hxxp://www.sony.com/vaiopeople
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\user account\Application Data\Mozilla\Firefox\Profiles\1f1efyyw.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-03 21:55
    Windows 5.1.2600 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\TEMP\_avast_\unp87275917.tmp 828104 bytes executable
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(560)
    c:\windows\system32\ODBC32.dll
    .
    - - - - - - - > 'lsass.exe'(616)
    c:\windows\System32\dssenh.dll
    .
    - - - - - - - > 'explorer.exe'(2568)
    c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\System32\nvsvc32.exe
    c:\windows\System32\WScript.exe
    c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    d:\aio\Shared\Bin\hpoevm07.exe
    c:\windows\System32\hpoipm07.exe
    c:\progra~1\Support.com\client\bin\tgcmd.exe
    d:\aio\Shared\bin\hpOSTS07.exe
    d:\aio\Shared\bin\hpOFXM07.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-03 22:06:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-04 06:06
    .
    Pre-Run: 23,574,560,768 bytes free
    Post-Run: 23,950,438,400 bytes free
    .
    WinXP_EN_HOM_BF.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect
    .
    - - End Of File - - 868145A2A2CAFC3919564E72FFA1CD5A
     
    dispatch trophy,
    #9
  11. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    Should I run Rkill even though ComboFix has been run successfully?
     
    dispatch trophy,
    #10
  12. 2011/12/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, no reason for rKill.

    How is computer doing now?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    broni,
    #11
  13. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    OTL.TXT SCAN:

    OTL logfile created on: 12/4/2011 12:12:25 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user account\Desktop
    Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2600.0000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.53 Mb Total Physical Memory | 156.48 Mb Available Physical Memory | 30.59% Memory free
    1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.75% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 28.00 Gb Total Space | 22.30 Gb Free Space | 79.66% Space Free | Partition Type: NTFS
    Drive D: | 48.33 Gb Total Space | 47.93 Gb Free Space | 99.17% Space Free | Partition Type: NTFS

    Computer Name: VALUED-7B9600FA | User Name: user account | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/04 12:06:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user account\Desktop\OTL.exe
    PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    PRC - [2006/09/19 16:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    PRC - [2002/04/25 19:40:18 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- D:\AiO\Shared\Bin\hpofxm07.exe
    PRC - [2002/04/25 19:06:24 | 000,299,008 | ---- | M] (Hewlett-Packard Co.) -- D:\AiO\Shared\Bin\hpoevm07.exe
    PRC - [2002/04/25 18:43:32 | 000,487,487 | ---- | M] (Hewlett-Packard Co.) -- D:\AiO\hp officejet v series\Bin\hpoant07.exe
    PRC - [2002/04/25 18:39:56 | 000,057,344 | ---- | M] (HP) -- C:\WINDOWS\system32\hpoipm07.exe
    PRC - [2001/11/19 03:40:58 | 001,413,120 | ---- | M] (Support.com, Inc.) -- c:\Program Files\support.com\client\bin\tgcmd.exe
    PRC - [2001/11/05 01:04:00 | 000,040,960 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    PRC - [2001/08/18 04:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2001/07/03 09:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    PRC - [2001/07/03 09:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    PRC - [2000/08/23 12:48:42 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- D:\AiO\hp officejet v series\FRU\Remind32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/04 08:46:48 | 001,642,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120401\algo.dll
    MOD - [2011/11/29 07:40:55 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120401\aswRep.dll
    MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    MOD - [2006/09/19 16:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    MOD - [2002/04/25 19:39:50 | 000,028,672 | ---- | M] () -- D:\AiO\Shared\Bin\hpopxs07.dll
    MOD - [2001/11/15 03:41:56 | 000,516,096 | ---- | M] () -- c:\Program Files\support.com\client\bin\sdcmon.dll
    MOD - [2001/07/03 09:17:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
    MOD - [2001/07/03 09:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (xmlprov)
    SRV - File not found [Auto | Stopped] -- -- (wscsvc)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2001/09/27 22:26:40 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2001/08/18 04:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/08/31 17:00:50 | 000,020,552 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2001/12/06 01:49:44 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SonyFKC.sys -- (SonyFKC)
    DRV - [2001/11/12 22:26:32 | 000,029,702 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
    DRV - [2001/09/21 16:16:46 | 000,593,000 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Smbe.sys -- (SMBE) Sony MPEG2 Encoder Board (WDM)
    DRV - [2001/08/17 13:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
    DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2001/08/17 12:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10(tm)
    DRV - [2001/08/17 04:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2001/05/08 17:57:20 | 000,467,985 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2000/12/05 16:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
    DRV - [2000/03/09 11:24:42 | 000,007,196 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\V7.SYS -- (V7)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.zoho.com/mail/
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..\URLSearchHook: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/02 03:17:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\components [2011/12/01 20:48:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\plugins

    [2011/12/01 20:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user account\Application Data\Mozilla\Extensions

    O1 HOSTS File: ([2011/12/03 21:54:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (CheckHO Class) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll (Yahoo! Inc.)
    O2 - BHO: (Updater For Verizon Toolbar) - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files\verizontb\auxi\verizonAu.dll (Visicom Media)
    O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
    O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
    O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
    O4 - HKLM..\Run: [ZTgServerSwitch] c:\Program Files\support.com\client\lserver\Server.vbs ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet v series) - 1.lnk = D:\AiO\hp officejet v series\Bin\hpoant07.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe (Sony Corporation)
    O4 - Startup: C:\Documents and Settings\user account\Start Menu\Programs\Startup\Hewlett-Packard Recorder.lnk = D:\AiO\hp officejet v series\FRU\Remind32.exe (IntelliQuest Communications, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
    O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKU\S-1-5-21-602162358-308236825-1801674531-1004\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB6DB53C-CC9A-49DE-AC6D-62A5F9FBDEAB}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\VAIO Serenus Wallpaper TrueColor 1024x768.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Serenus Wallpaper TrueColor 1024x768.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/12/02 11:02:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/12/01 19:04:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - C:\WINDOWS\system32\mspmspsv.dll (Microsoft Corporation)

    Drivers32: ;VIDC.MJPG - C:\WINDOWS\System32\sonymjpg.dll (Sony Corporation)
    Drivers32: msacm.atrac3 - C:\WINDOWS\System32\atrac3.acm (Sony Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\DVLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MJPG - C:\WINDOWS\System32\sonymjpg.dll (Sony Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/04 12:06:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user account\Desktop\OTL.exe
    [2011/12/03 21:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/12/03 21:40:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/03 21:31:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/03 21:31:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/03 21:31:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/03 21:31:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/03 21:22:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/03 21:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/03 21:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Start Menu\Programs\Administrative Tools
    [2011/12/03 21:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Macromedia
    [2011/12/03 16:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon CanoScan LiDE 600F User Registration
    [2011/12/03 15:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\NewSoft
    [2011/12/03 15:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\My Documents\My PageManager
    [2011/12/03 15:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Local Settings\Application Data\NewSoft
    [2011/12/03 15:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Local Settings\Application Data\Scansoft
    [2011/12/03 15:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 7.15
    [2011/12/03 15:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\PDFDrvSetup
    [2011/12/03 15:06:54 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp50.dll
    [2011/12/03 15:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\PMPDFView
    [2011/12/03 15:06:53 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MFC40.DLL
    [2011/12/03 15:06:53 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
    [2011/12/03 15:06:44 | 000,303,104 | ---- | C] (NewSoft) -- C:\Program Files\PrintFun.exe
    [2011/12/03 15:06:44 | 000,024,576 | ---- | C] (newsoft) -- C:\Program Files\AvalonPage.dll
    [2011/12/03 15:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\WebHelp
    [2011/12/03 15:06:43 | 000,323,584 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\iConvert16.dll
    [2011/12/03 15:06:43 | 000,241,664 | ---- | C] (NewSoft) -- C:\Program Files\PShow.exe
    [2011/12/03 15:06:43 | 000,045,056 | ---- | C] (NewSoft ) -- C:\Program Files\RestoreFile.exe
    [2011/12/03 15:06:43 | 000,045,056 | ---- | C] ( NewSoft Technology Corporation) -- C:\Program Files\BurnRes.dll
    [2011/12/03 15:06:42 | 000,245,760 | ---- | C] (NewSoft) -- C:\Program Files\PSaver.scr
    [2011/12/03 15:06:42 | 000,077,824 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\NetGroup.exe
    [2011/12/03 15:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Skin
    [2011/12/03 15:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\PackExe
    [2011/12/03 15:06:25 | 000,360,448 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\AviToMpeg2.dll
    [2011/12/03 15:06:25 | 000,249,856 | ---- | C] (NewSoft) -- C:\Program Files\Avi2Mpeg1.dll
    [2011/12/03 15:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\LANGUAGE
    [2011/12/03 15:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\DBASE
    [2011/12/03 15:06:08 | 001,073,664 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\SCANMAN.DRV
    [2011/12/03 15:06:08 | 000,091,136 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE6.DLL
    [2011/12/03 15:06:08 | 000,089,088 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE7.DLL
    [2011/12/03 15:06:07 | 000,098,816 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE20.DLL
    [2011/12/03 15:06:07 | 000,092,672 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE2.DLL
    [2011/12/03 15:06:07 | 000,092,160 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE3.DLL
    [2011/12/03 15:06:07 | 000,090,112 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE5.DLL
    [2011/12/03 15:06:07 | 000,088,576 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE23.DLL
    [2011/12/03 15:06:06 | 000,093,184 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE1.DLL
    [2011/12/03 15:06:06 | 000,089,600 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE15.DLL
    [2011/12/03 15:06:06 | 000,089,088 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE13.DLL
    [2011/12/03 15:05:44 | 000,036,864 | ---- | C] (newsoftinc) -- C:\Program Files\fiopct32.dll
    [2011/12/03 15:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Inso
    [2011/12/03 15:05:43 | 000,303,104 | ---- | C] (newsoftinc) -- C:\Program Files\Fiotif32.dll
    [2011/12/03 15:05:43 | 000,114,688 | ---- | C] (newsoftinc) -- C:\Program Files\Fioall32.dll
    [2011/12/03 15:05:39 | 001,699,840 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\RECPAGE.DLL
    [2011/12/03 15:05:33 | 001,122,816 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\LCSPELL.DLL
    [2011/12/03 15:05:32 | 000,644,096 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\IMAGE.DLL
    [2011/12/03 15:05:31 | 000,619,008 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\GRINF11.DLL
    [2011/12/03 15:05:29 | 000,381,440 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\FineOCREngine.dll
    [2011/12/03 15:05:28 | 002,033,664 | ---- | C] (ABBYY Software House (BIT Software)) -- C:\Program Files\FOBJ420.DLL
    [2011/12/03 15:05:25 | 000,794,624 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\EXPORT.DLL
    [2011/12/03 15:05:25 | 000,090,624 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE0.DLL
    [2011/12/03 15:05:21 | 002,918,400 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\DA.DLL
    [2011/12/03 15:05:13 | 000,221,184 | ---- | C] (newsoftinc) -- C:\Program Files\fiopng32.dll
    [2011/12/03 15:05:13 | 000,151,552 | ---- | C] (newsoftinc) -- C:\Program Files\UciJpg32.dll
    [2011/12/03 15:05:13 | 000,135,168 | ---- | C] (newsoftinc) -- C:\Program Files\fiogif32.dll
    [2011/12/03 15:05:12 | 000,172,032 | ---- | C] (newsoftinc) -- C:\Program Files\UciG3432.dll
    [2011/12/03 15:05:12 | 000,053,248 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\Tcm.dll
    [2011/12/03 15:05:12 | 000,036,864 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\ScrBase.dll
    [2011/12/03 15:05:11 | 000,061,440 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\IsmDraw.dll
    [2011/12/03 15:05:10 | 000,143,360 | ---- | C] (newsoftinc) -- C:\Program Files\FioTga32.dll
    [2011/12/03 15:05:10 | 000,032,768 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\FioThumb.dll
    [2011/12/03 15:05:10 | 000,028,672 | ---- | C] (newsoftinc) -- C:\Program Files\FioWmf32.dll
    [2011/12/03 15:05:09 | 000,135,248 | ---- | C] (newsoftinc) -- C:\Program Files\FioPof32.dll
    [2011/12/03 15:05:09 | 000,135,168 | ---- | C] (newsoftinc) -- C:\Program Files\FioPcd32.dll
    [2011/12/03 15:05:09 | 000,032,768 | ---- | C] (newsoftinc) -- C:\Program Files\FioPsd32.dll
    [2011/12/03 15:05:09 | 000,032,768 | ---- | C] (newsoftinc) -- C:\Program Files\FioPcx32.dll
    [2011/12/03 15:05:08 | 000,159,744 | ---- | C] (newsoftinc) -- C:\Program Files\FioFpx32.dll
    [2011/12/03 15:05:08 | 000,139,264 | ---- | C] (newsoftinc) -- C:\Program Files\FioJpg32.dll
    [2011/12/03 15:05:08 | 000,032,768 | ---- | C] (newsoftinc) -- C:\Program Files\FioBmp32.dll
    [2011/12/03 15:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\FIODLL
    [2011/12/03 15:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Work
    [2011/12/03 15:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Scantype
    [2011/12/03 15:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Samples
    [2011/12/03 15:05:05 | 000,135,168 | ---- | C] (Info-ZIP) -- C:\Program Files\zip32.dll
    [2011/12/03 15:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Resource
    [2011/12/03 15:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\res
    [2011/12/03 15:05:04 | 000,098,304 | ---- | C] (Info-ZIP) -- C:\Program Files\unzip32.dll
    [2011/12/03 15:05:04 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Program Files\shfolder.dll
    [2011/12/03 15:05:03 | 000,397,312 | ---- | C] (NewSoft) -- C:\Program Files\pmtwain.dll
    [2011/12/03 15:05:03 | 000,028,672 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\pmVideo.dll
    [2011/12/03 15:05:02 | 001,239,616 | ---- | C] (PDFlib GmbH) -- C:\Program Files\pdflib.dll
    [2011/12/03 15:05:02 | 000,295,000 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
    [2011/12/03 15:05:01 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\lzexpand.dlx
    [2011/12/03 15:05:00 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
    [2011/12/03 15:05:00 | 000,352,256 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
    [2011/12/03 15:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PDFView
    [2011/12/03 15:04:57 | 000,229,376 | ---- | C] (WebStorage Corporation) -- C:\Program Files\WebSyncEx.dll
    [2011/12/03 15:04:55 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Psapi.dll
    [2011/12/03 15:04:54 | 004,022,272 | ---- | C] (NEWSOFT) -- C:\Program Files\Prestopm.exe
    [2011/12/03 15:04:53 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
    [2011/12/03 15:04:53 | 000,147,456 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\Pmsb.exe
    [2011/12/03 15:04:51 | 000,274,516 | ---- | C] (NewSoft Technology Corporation.) -- C:\Program Files\PMToApp.dll
    [2011/12/03 15:04:50 | 000,024,576 | ---- | C] (NewSoft Technology Corporation.) -- C:\Program Files\PMMKView.dll
    [2011/12/03 15:04:47 | 000,557,056 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\OSmScan.exe
    [2011/12/03 15:04:44 | 000,077,824 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\NSCDVD.dll
    [2011/12/03 15:04:43 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL
    [2011/12/03 15:04:43 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MSVCP60.DLL
    [2011/12/03 15:04:42 | 000,159,744 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\Ism.dll
    [2011/12/03 15:04:42 | 000,031,744 | ---- | C] (Newsoft) -- C:\Program Files\JpgLib.dll
    [2011/12/03 15:04:41 | 000,167,936 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\AudioData.dll
    [2011/12/03 15:04:41 | 000,159,744 | ---- | C] (NewSoft Technology Corporation) -- C:\Program Files\Burn.dll
    [2011/12/03 15:04:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Color
    [2011/12/03 15:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2011/12/03 15:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\ScanSoft
    [2011/12/03 15:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4.0

    END FIRST 1/4 OF OTL SCAN
     
    dispatch trophy,
    #12
  14. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    SECOND QUARTER OF FIRST HALF OF OTL:

    [2011/12/03 15:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
    [2011/12/03 15:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/12/03 15:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
    [2011/12/03 14:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft PhotoStudio 5.5
    [2011/12/03 14:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
    [2011/12/03 14:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
    [2011/12/03 14:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon CanoScan LiDE 600F Manual
    [2011/12/03 14:53:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
    [2011/12/03 14:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CanoScan LiDE 600F
    [2011/12/03 14:53:45 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
    [2011/12/03 14:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
    [2011/12/03 14:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Canon
    [2011/12/03 07:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Desktop\COMPUTER SCANS
    [2011/12/03 06:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Local Settings\Application Data\Google
    [2011/12/03 06:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Desktop\TRANS TO USB
    [2011/12/02 23:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Malwarebytes
    [2011/12/02 23:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/02 23:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/02 23:38:09 | 000,020,552 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/02 23:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/02 22:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\U3
    [2011/12/02 18:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\My Documents\My Received Files
    [2011/12/02 11:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Local Settings\Application Data\Identities
    [2011/12/02 11:14:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/12/02 03:18:52 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/12/02 03:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/12/02 03:18:50 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/12/02 03:18:49 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/12/02 03:18:48 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/12/02 03:18:48 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/12/02 03:18:47 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/12/02 03:17:46 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/12/02 03:17:44 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/12/02 03:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/12/02 03:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/02 00:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\My Documents\Downloads
    [2011/12/01 20:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Local Settings\Application Data\Mozilla
    [2011/12/01 20:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Mozilla
    [2011/12/01 19:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\verizontb
    [2011/12/01 19:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\verizontb
    [2011/12/01 19:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Local Settings\Application Data\SupportSoft
    [2011/12/01 19:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
    [2011/12/01 19:50:06 | 014,468,144 | ---- | C] (Verizon ) -- C:\Documents and Settings\user account\Desktop\VZ_Activation.exe
    [2011/12/01 14:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Local Settings\Application Data\Help
    [2011/12/01 14:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Help
    [2011/12/01 07:46:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user account\My Documents\My Videos
    [2011/12/01 07:46:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2011/12/01 05:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
    [2011/12/01 05:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\MSN6
    [2011/12/01 03:12:25 | 000,000,000 | ---D | C] -- C:\Downloads
    [2011/12/01 02:35:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user account\UserData
    [2011/11/30 16:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
    [2011/11/30 16:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
    [2011/11/30 16:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
    [2011/11/30 16:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2011/11/30 16:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
    [2011/11/30 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
    [2011/11/30 16:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/11/30 16:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
    [2011/11/30 16:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2011/11/30 16:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2003
    [2011/11/30 15:57:39 | 000,022,139 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hpocoi08.dll
    [2011/11/30 15:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Share-to-Web Upload Folder
    [2011/11/30 15:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP Share-to-Web
    [2011/11/30 15:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2011/11/30 15:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Readiris
    [2011/11/30 15:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard
    [2011/11/30 15:52:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\AiOTemp
    [2011/11/30 15:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Bar
    [2011/11/30 15:12:21 | 000,208,896 | ---- | C] (Mediamatics, Inc.) -- C:\WINDOWS\System32\DVDRGCTL.dll
    [2011/11/30 15:12:21 | 000,146,432 | ---- | C] (Mediamatics Inc) -- C:\WINDOWS\System32\Mmac3.dll
    [2011/11/30 15:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mediamatics
    [2011/11/30 15:09:43 | 000,000,000 | ---D | C] -- C:\ucd
    [2011/11/30 15:01:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user account\Application Data\Microsoft
    [2011/11/30 15:01:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user account\Cookies
    [2011/11/30 15:01:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user account\Application Data
    [2011/11/30 15:01:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user account\Favorites
    [2011/11/30 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Sony Corporation
    [2011/11/30 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\InterTrust
    [2011/11/30 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Identities
    [2011/11/30 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Desktop
    [2011/11/30 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Application Data\Adobe
    [2011/11/30 15:01:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user account\SendTo
    [2011/11/30 15:01:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user account\Recent
    [2011/11/30 15:01:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user account\Start Menu\Programs\Startup
    [2011/11/30 15:01:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user account\Start Menu
    [2011/11/30 15:01:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user account\My Documents\My Pictures
    [2011/11/30 15:01:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user account\My Documents\My Music
    [2011/11/30 15:01:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user account\My Documents
    [2011/11/30 15:01:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user account\Start Menu\Programs\Accessories
    [2011/11/30 15:01:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user account\Templates
    [2011/11/30 15:01:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user account\PrintHood
    [2011/11/30 15:01:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user account\NetHood
    [2011/11/30 15:01:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user account\Local Settings
    [2011/11/30 15:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\My Documents\My eBooks
    [2011/11/30 15:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user account\Local Settings\Application Data\Microsoft
    [2011/11/30 15:00:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/04 12:06:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user account\Desktop\OTL.exe
    [2011/12/04 11:33:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/04 11:33:52 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/03 21:54:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/03 21:40:21 | 000,000,310 | RHS- | M] () -- C:\boot.ini
    [2011/12/03 16:25:13 | 000,001,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon CanoScan LiDE 600F User Registration.LNK
    [2011/12/03 16:00:11 | 000,002,070 | ---- | M] () -- C:\Program Files\Pm.ini
    [2011/12/03 15:34:26 | 000,001,952 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CanoScan LiDE 600F On-screen Manual.lnk
    [2011/12/03 15:28:55 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/12/03 15:08:59 | 000,001,421 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Presto! PageManager 7.15.lnk
    [2011/12/03 15:08:29 | 000,151,566 | ---- | M] () -- C:\WINDOWS\System32\UninstIPP.isu
    [2011/12/03 15:08:29 | 000,002,336 | ---- | M] () -- C:\Program Files\xpdfrc
    [2011/12/03 15:08:27 | 000,001,725 | ---- | M] () -- C:\Program Files\pmsb.ini
    [2011/12/03 15:08:27 | 000,000,064 | ---- | M] () -- C:\Program Files\GetPhotoPath.ini
    [2011/12/03 15:07:52 | 000,000,264 | ---- | M] () -- C:\WINDOWS\setup.iss
    [2011/12/03 15:01:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\MAXLINK.INI
    [2011/12/03 14:55:56 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\user account\My Documents\sta_per
    [2011/12/03 14:54:34 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CanoScan Toolbox 5.0.lnk
    [2011/12/03 14:54:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user account\My Documents\sta_req
    [2011/12/02 23:38:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/02 23:38:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/02 11:02:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/12/02 09:29:19 | 000,057,685 | ---- | M] () -- C:\WINDOWS\result.cab
    [2011/12/02 03:18:53 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/02 03:18:48 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/12/02 00:44:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/12/02 00:44:20 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2011/12/01 20:49:45 | 000,000,364 | ---- | M] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/12/01 20:49:45 | 000,000,364 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/12/01 19:57:05 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\user account\Desktop\Verizon Message Center.lnk
    [2011/12/01 19:57:05 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\user account\Desktop\My Verizon.lnk
    [2011/12/01 19:57:05 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\user account\Desktop\Search.lnk
    [2011/12/01 19:50:06 | 014,468,144 | ---- | M] (Verizon ) -- C:\Documents and Settings\user account\Desktop\VZ_Activation.exe
    [2011/12/01 19:04:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.CAM
    [2011/12/01 14:57:33 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/01 14:57:33 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/01 14:56:32 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/01 13:43:56 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/11/30 21:07:43 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\TheWorld.lnk
    [2011/11/30 21:07:43 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TheWorld.lnk
    [2011/11/30 16:38:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/11/30 16:37:36 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2011/11/30 16:13:09 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\user account\Start Menu\Programs\Startup\Hewlett-Packard Recorder.lnk
    [2011/11/30 15:58:35 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet v series) - 1.lnk
    [2011/11/30 15:58:35 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\hp officejet v series.lnk
    [2011/11/30 15:56:34 | 000,000,020 | ---- | M] () -- C:\WINDOWS\Hposcv07.INI
    [2011/11/30 15:12:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [2011/11/30 15:01:09 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/30 15:00:29 | 000,000,774 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/11/30 15:00:26 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2011/11/30 15:00:25 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 3.job
    [2011/11/30 15:00:25 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 2.job
    [2011/11/30 15:00:24 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 1.job
    [2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/11/28 10:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/11/28 09:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/03 21:40:21 | 000,000,194 | ---- | C] () -- C:\Boot.bak
    [2011/12/03 21:40:16 | 000,237,728 | RHS- | C] () -- C:\cmldr
    [2011/12/03 21:31:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/03 21:31:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/03 21:31:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/03 21:31:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/03 21:31:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/03 19:16:06 | 536,449,024 | -HS- | C] () -- C:\hiberfil.sys
    [2011/12/03 15:09:18 | 000,001,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon CanoScan LiDE 600F User Registration.LNK
    [2011/12/03 15:08:59 | 000,001,421 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Presto! PageManager 7.15.lnk
    [2011/12/03 15:08:27 | 000,000,065 | ---- | C] () -- C:\Program Files\Execute.ini
    [2011/12/03 15:08:27 | 000,000,064 | ---- | C] () -- C:\Program Files\GetPhotoPath.ini
    [2011/12/03 15:08:26 | 000,151,566 | ---- | C] () -- C:\WINDOWS\System32\UninstIPP.isu
    [2011/12/03 15:08:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2011/12/03 15:08:26 | 000,000,164 | ---- | C] () -- C:\Program Files\LUTRAY.ini
    [2011/12/03 15:07:47 | 000,009,606 | ---- | C] () -- C:\WINDOWS\System32\NEWSOFT
    [2011/12/03 15:07:14 | 000,000,264 | ---- | C] () -- C:\WINDOWS\setup.iss
    [2011/12/03 15:07:02 | 000,045,056 | ---- | C] () -- C:\Program Files\WriteDriver2Pdf.dll
    [2011/12/03 15:06:54 | 000,126,976 | ---- | C] () -- C:\Program Files\LiveUpdate.dll
    [2011/12/03 15:06:54 | 000,000,442 | ---- | C] () -- C:\Program Files\PMPDFView.str
    [2011/12/03 15:06:54 | 000,000,160 | ---- | C] () -- C:\Program Files\LUTRAYMSG.ini
    [2011/12/03 15:06:53 | 000,409,600 | ---- | C] () -- C:\Program Files\LiveUpdateTray.exe
    [2011/12/03 15:06:53 | 000,090,112 | ---- | C] () -- C:\Program Files\Pm60DB.dll
    [2011/12/03 15:06:53 | 000,060,416 | ---- | C] () -- C:\Program Files\UFSE.DLL
    [2011/12/03 15:06:52 | 000,122,880 | ---- | C] () -- C:\Program Files\ImportOldDB.exe
    [2011/12/03 15:06:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2011/12/03 15:06:43 | 000,285,367 | ---- | C] () -- C:\Program Files\PMVIEW.EX_
    [2011/12/03 15:06:43 | 000,270,336 | ---- | C] () -- C:\Program Files\EzBres.dll
    [2011/12/03 15:06:43 | 000,049,152 | ---- | C] () -- C:\Program Files\expvw.exe
    [2011/12/03 15:06:43 | 000,001,676 | ---- | C] () -- C:\Program Files\Paper.lst
    [2011/12/03 15:06:43 | 000,001,353 | ---- | C] () -- C:\Program Files\NetScan_Strings.ini
    [2011/12/03 15:06:43 | 000,000,918 | ---- | C] () -- C:\Program Files\Print.str
    [2011/12/03 15:06:43 | 000,000,234 | ---- | C] () -- C:\Program Files\pmsavepdf.str
    [2011/12/03 15:06:43 | 000,000,210 | ---- | C] () -- C:\Program Files\pmset.ini
    [2011/12/03 15:06:43 | 000,000,180 | ---- | C] () -- C:\Program Files\2003MSG.ini
    [2011/12/03 15:06:43 | 000,000,064 | ---- | C] () -- C:\Program Files\ocr.str
    [2011/12/03 15:06:42 | 000,139,264 | ---- | C] () -- C:\Program Files\Convert.exe
    [2011/12/03 15:06:42 | 000,048,866 | ---- | C] () -- C:\Program Files\prestopm.str
    [2011/12/03 15:06:42 | 000,000,890 | ---- | C] () -- C:\Program Files\pmsb.str
    [2011/12/03 15:06:42 | 000,000,786 | ---- | C] () -- C:\Program Files\pmNotes.str
    [2011/12/03 15:06:42 | 000,000,331 | ---- | C] () -- C:\Program Files\ScanModule.str
    [2011/12/03 15:06:42 | 000,000,153 | ---- | C] () -- C:\Program Files\PMDrvStr.ini
    [2011/12/03 15:06:27 | 000,120,320 | ---- | C] () -- C:\Program Files\pack.dll
    [2011/12/03 15:06:27 | 000,049,152 | ---- | C] () -- C:\Program Files\VideoData.dll
    [2011/12/03 15:06:27 | 000,000,297 | ---- | C] () -- C:\Program Files\Vcd_PAL
    [2011/12/03 15:06:27 | 000,000,297 | ---- | C] () -- C:\Program Files\Vcd_NTSC
    [2011/12/03 15:06:26 | 000,112,128 | ---- | C] () -- C:\Program Files\UNPACK.DLL
    [2011/12/03 15:06:26 | 000,037,376 | ---- | C] () -- C:\Program Files\ExeBud32.dll
    [2011/12/03 15:06:26 | 000,036,864 | ---- | C] () -- C:\Program Files\EXPupk32.EXE
    [2011/12/03 15:06:26 | 000,028,672 | ---- | C] () -- C:\Program Files\ImgToAviExe.dll
    [2011/12/03 15:06:26 | 000,024,576 | ---- | C] () -- C:\Program Files\RegSession.dll
    [2011/12/03 15:06:26 | 000,000,297 | ---- | C] () -- C:\Program Files\Mpg1
    [2011/12/03 15:06:26 | 000,000,026 | ---- | C] () -- C:\Program Files\Function.ini
    [2011/12/03 15:06:10 | 000,245,760 | ---- | C] () -- C:\Program Files\pccrsdk.dll
    [2011/12/03 15:06:10 | 000,172,032 | ---- | C] () -- C:\Program Files\post.dll
    [2011/12/03 15:06:09 | 000,331,776 | ---- | C] () -- C:\Program Files\imgtool.dll
    [2011/12/03 15:06:09 | 000,327,680 | ---- | C] () -- C:\Program Files\Segment.dll
    [2011/12/03 15:06:09 | 000,167,995 | ---- | C] () -- C:\Program Files\fid.dll
    [2011/12/03 15:06:09 | 000,122,880 | ---- | C] () -- C:\Program Files\dcexport.dll
    [2011/12/03 15:06:09 | 000,065,536 | ---- | C] () -- C:\Program Files\dcfr.dll
    [2011/12/03 15:06:09 | 000,008,781 | ---- | C] () -- C:\Program Files\SCANNERS.DAT
    [2011/12/03 15:06:08 | 000,331,776 | ---- | C] () -- C:\Program Files\Recogn.dll
    [2011/12/03 15:06:08 | 000,126,976 | ---- | C] () -- C:\Program Files\OCRUtil.dll
    [2011/12/03 15:06:08 | 000,028,672 | ---- | C] () -- C:\Program Files\OCRLang.dll
    [2011/12/03 15:06:08 | 000,000,329 | ---- | C] () -- C:\Program Files\FontTok.ini
    [2011/12/03 15:06:06 | 000,000,000 | ---- | C] () -- C:\Program Files\BITSOFT.DIR
    [2011/12/03 15:05:43 | 000,036,864 | ---- | C] () -- C:\Program Files\Palette.map
    [2011/12/03 15:05:42 | 000,493,316 | ---- | C] () -- C:\Program Files\UNDERLIN.PAT
    [2011/12/03 15:05:42 | 000,130,560 | ---- | C] () -- C:\Program Files\FioExt32.dll
    [2011/12/03 15:05:41 | 001,388,424 | ---- | C] () -- C:\Program Files\TURKISH.LCD
    [2011/12/03 15:05:41 | 000,326,738 | ---- | C] () -- C:\Program Files\TYPEWRIT.PAT
    [2011/12/03 15:05:41 | 000,241,073 | ---- | C] () -- C:\Program Files\TURKISH.LMD
    [2011/12/03 15:05:41 | 000,227,468 | ---- | C] () -- C:\Program Files\TYPEWRIT.PTS
    [2011/12/03 15:05:41 | 000,086,680 | ---- | C] () -- C:\Program Files\SWEDISH.LMD
    [2011/12/03 15:05:40 | 001,862,662 | ---- | C] () -- C:\Program Files\SWEDISH.LCD
    [2011/12/03 15:05:40 | 001,489,272 | ---- | C] () -- C:\Program Files\SPANISH.LCD
    [2011/12/03 15:05:40 | 000,226,690 | ---- | C] () -- C:\Program Files\SPANISH.LMD
    [2011/12/03 15:05:40 | 000,000,004 | ---- | C] () -- C:\Program Files\RPR371.JRT
    [2011/12/03 15:05:39 | 000,101,600 | ---- | C] () -- C:\Program Files\PORTUG.LMD
    [2011/12/03 15:05:38 | 001,596,307 | ---- | C] () -- C:\Program Files\NORWNYN.LCD
    [2011/12/03 15:05:38 | 001,094,057 | ---- | C] () -- C:\Program Files\POLISH.LCD
    [2011/12/03 15:05:38 | 000,798,902 | ---- | C] () -- C:\Program Files\PORTUG.LCD
    [2011/12/03 15:05:38 | 000,155,990 | ---- | C] () -- C:\Program Files\POLISH.LMD
    [2011/12/03 15:05:38 | 000,055,900 | ---- | C] () -- C:\Program Files\PART.PAT
    [2011/12/03 15:05:38 | 000,055,721 | ---- | C] () -- C:\Program Files\NORWBOK.LMD
    [2011/12/03 15:05:38 | 000,042,851 | ---- | C] () -- C:\Program Files\NORWNYN.LMD
    [2011/12/03 15:05:38 | 000,026,384 | ---- | C] () -- C:\Program Files\PART.PTS
    [2011/12/03 15:05:37 | 002,475,240 | ---- | C] () -- C:\Program Files\NORWBOK.LCD
    [2011/12/03 15:05:37 | 000,652,596 | ---- | C] () -- C:\Program Files\NORMAL.PAT
    [2011/12/03 15:05:37 | 000,443,488 | ---- | C] () -- C:\Program Files\NORMAL.PTS
    [2011/12/03 15:05:37 | 000,059,392 | ---- | C] () -- C:\Program Files\NGRMSPN.DLL
    [2011/12/03 15:05:37 | 000,054,784 | ---- | C] () -- C:\Program Files\NGRMTRK.DLL
    [2011/12/03 15:05:37 | 000,040,960 | ---- | C] () -- C:\Program Files\NGRMSWE.DLL
    [2011/12/03 15:05:37 | 000,034,816 | ---- | C] () -- C:\Program Files\NGRMRUS.DLL
    [2011/12/03 15:05:36 | 000,096,768 | ---- | C] () -- C:\Program Files\NGRMPTG.DLL
    [2011/12/03 15:05:36 | 000,059,392 | ---- | C] () -- C:\Program Files\NGRMPLK.DLL
    [2011/12/03 15:05:36 | 000,054,784 | ---- | C] () -- C:\Program Files\NGRMITA.DLL
    [2011/12/03 15:05:36 | 000,034,816 | ---- | C] () -- C:\Program Files\NGRMNOR.DLL
    [2011/12/03 15:05:36 | 000,034,816 | ---- | C] () -- C:\Program Files\NGRMNON.DLL
    [2011/12/03 15:05:35 | 000,063,488 | ---- | C] () -- C:\Program Files\NGRMFRA.DLL
    [2011/12/03 15:05:35 | 000,061,440 | ---- | C] () -- C:\Program Files\NGRMDUT.DLL
    [2011/12/03 15:05:35 | 000,040,960 | ---- | C] () -- C:\Program Files\NGRMGRE.DLL
    [2011/12/03 15:05:35 | 000,039,424 | ---- | C] () -- C:\Program Files\NGRMGER.DLL
    [2011/12/03 15:05:35 | 000,037,888 | ---- | C] () -- C:\Program Files\NGRMDAN.DLL
    [2011/12/03 15:05:35 | 000,027,136 | ---- | C] () -- C:\Program Files\NGRMFIN.DLL
    [2011/12/03 15:05:35 | 000,025,088 | ---- | C] () -- C:\Program Files\NGRMENG.DLL
    [2011/12/03 15:05:34 | 000,439,460 | ---- | C] () -- C:\Program Files\MATRIX.PAT
    [2011/12/03 15:05:34 | 000,233,828 | ---- | C] () -- C:\Program Files\MATRIX.PTS
    [2011/12/03 15:05:34 | 000,122,368 | ---- | C] () -- C:\Program Files\NGRMCSY.DLL
    [2011/12/03 15:05:33 | 000,536,146 | ---- | C] () -- C:\Program Files\ITALIC.PAT
    [2011/12/03 15:05:33 | 000,272,324 | ---- | C] () -- C:\Program Files\ITALIC.PTS
    [2011/12/03 15:05:32 | 002,511,811 | ---- | C] () -- C:\Program Files\ITALIAN.LCD
    [2011/12/03 15:05:32 | 000,247,882 | ---- | C] () -- C:\Program Files\ITALIAN.LMD
    [2011/12/03 15:05:31 | 000,000,001 | ---- | C] () -- C:\Program Files\HUNGAR.LCD
    [2011/12/03 15:05:30 | 002,298,037 | ---- | C] () -- C:\Program Files\GREEK.LCD
    [2011/12/03 15:05:30 | 000,290,211 | ---- | C] () -- C:\Program Files\GERMAN.LMD
    [2011/12/03 15:05:30 | 000,078,353 | ---- | C] () -- C:\Program Files\GREEK.LMD
    [2011/12/03 15:05:29 | 001,996,754 | ---- | C] () -- C:\Program Files\GERMAN.LCD
    [2011/12/03 15:05:29 | 000,854,976 | ---- | C] () -- C:\Program Files\FRENCH.LCD
    [2011/12/03 15:05:29 | 000,107,075 | ---- | C] () -- C:\Program Files\FRENCH.LMD
    [2011/12/03 15:05:28 | 001,078,711 | ---- | C] () -- C:\Program Files\FINNISH.LMD
    [2011/12/03 15:05:26 | 004,525,579 | ---- | C] () -- C:\Program Files\FINNISH.LCD
    [2011/12/03 15:05:25 | 000,940,312 | ---- | C] () -- C:\Program Files\ENGLISH.LCD
    [2011/12/03 15:05:25 | 000,089,337 | ---- | C] () -- C:\Program Files\DUTCH.LMD
    [2011/12/03 15:05:25 | 000,085,986 | ---- | C] () -- C:\Program Files\ENGLISH.LMD
    [2011/12/03 15:05:23 | 003,059,143 | ---- | C] () -- C:\Program Files\DUTCH.LCD
    [2011/12/03 15:05:23 | 000,054,823 | ---- | C] () -- C:\Program Files\DANISH.LMD
    [2011/12/03 15:05:22 | 002,317,496 | ---- | C] () -- C:\Program Files\DANISH.LCD
    [2011/12/03 15:05:21 | 000,111,817 | ---- | C] () -- C:\Program Files\CZECH.LMD
    [2011/12/03 15:05:20 | 002,249,060 | ---- | C] () -- C:\Program Files\CZECH.LCD
    [2011/12/03 15:05:20 | 000,463,542 | ---- | C] () -- C:\Program Files\BOLD.PAT
    [2011/12/03 15:05:12 | 000,098,304 | ---- | C] () -- C:\Program Files\Qem.dll
    [2011/12/03 15:05:11 | 000,168,448 | ---- | C] () -- C:\Program Files\OLDPNG32.DLL
    [2011/12/03 15:05:11 | 000,049,152 | ---- | C] () -- C:\Program Files\Lpm.dll
    [2011/12/03 15:05:11 | 000,000,024 | ---- | C] () -- C:\Program Files\Fioall.ini
    [2011/12/03 15:05:10 | 000,270,848 | ---- | C] () -- C:\Program Files\Fioall.dll
    [2011/12/03 15:05:08 | 000,000,494 | ---- | C] () -- C:\Program Files\Default.rec
    [2011/12/03 15:05:05 | 000,002,336 | ---- | C] () -- C:\Program Files\xpdfrc
    [2011/12/03 15:05:04 | 000,057,344 | ---- | C] () -- C:\Program Files\umxnts32.dll
    [2011/12/03 15:05:04 | 000,036,864 | ---- | C] () -- C:\Program Files\unregapp.exe
    [2011/12/03 15:05:04 | 000,028,672 | ---- | C] () -- C:\Program Files\sosalnk.dll
    [2011/12/03 15:05:04 | 000,024,576 | ---- | C] () -- C:\Program Files\regapp.exe
    [2011/12/03 15:05:04 | 000,024,576 | ---- | C] () -- C:\Program Files\printlnk.dll
    [2011/12/03 15:05:04 | 000,021,180 | ---- | C] () -- C:\Program Files\search.avi
    [2011/12/03 15:05:03 | 000,045,056 | ---- | C] () -- C:\Program Files\pmsb_CN.exe
    [2011/12/03 15:05:03 | 000,045,056 | ---- | C] () -- C:\Program Files\pmdata.dll
    [2011/12/03 15:05:03 | 000,001,725 | ---- | C] () -- C:\Program Files\pmsb.ini
    [2011/12/03 15:05:03 | 000,000,325 | ---- | C] () -- C:\Program Files\pmsetap.ini
    [2011/12/03 15:05:02 | 000,323,584 | ---- | C] () -- C:\Program Files\nsfpx.dll
    [2011/12/03 15:05:02 | 000,114,739 | ---- | C] () -- C:\Program Files\nextpwd.dll
    [2011/12/03 15:05:02 | 000,040,448 | ---- | C] () -- C:\Program Files\memio.dll
    [2011/12/03 15:05:01 | 001,933,312 | ---- | C] () -- C:\Program Files\lcppn22.dll
    [2011/12/03 15:05:01 | 000,028,672 | ---- | C] () -- C:\Program Files\mapilnk.dll
    [2011/12/03 15:05:00 | 000,028,672 | ---- | C] () -- C:\Program Files\hookdll.dll
    [2011/12/03 15:04:59 | 000,368,640 | ---- | C] () -- C:\Program Files\fpxlib.dll
    [2011/12/03 15:04:59 | 000,028,672 | ---- | C] () -- C:\Program Files\foldrlnk.dll
    [2011/12/03 15:04:59 | 000,024,576 | ---- | C] () -- C:\Program Files\faxlnk.dll
    [2011/12/03 15:04:59 | 000,024,576 | ---- | C] () -- C:\Program Files\codecvt.dll
    [2011/12/03 15:04:58 | 000,483,328 | ---- | C] () -- C:\Program Files\WpdfViewer.exe
    [2011/12/03 15:04:58 | 000,057,344 | ---- | C] () -- C:\Program Files\WriteData2Pdf.dll
    [2011/12/03 15:04:58 | 000,045,056 | ---- | C] () -- C:\Program Files\WriteIfo2Pdf.dll
    [2011/12/03 15:04:58 | 000,040,960 | ---- | C] () -- C:\Program Files\WriteOcr2Pdf.dll
    [2011/12/03 15:04:58 | 000,036,864 | ---- | C] () -- C:\Program Files\WordVBA.dll
    [2011/12/03 15:04:58 | 000,036,864 | ---- | C] () -- C:\Program Files\cmdlnk.dll
    [2011/12/03 15:04:58 | 000,032,768 | ---- | C] () -- C:\Program Files\ccmllnk.dll
    [2011/12/03 15:04:58 | 000,031,744 | ---- | C] () -- C:\Program Files\XpsCreator.dll
    [2011/12/03 15:04:58 | 000,024,576 | ---- | C] () -- C:\Program Files\WriteTxt2Pdf.dll
    [2011/12/03 15:04:58 | 000,004,288 | ---- | C] () -- C:\Program Files\WpdfViewer.tlb
    [2011/12/03 15:04:57 | 000,110,592 | ---- | C] () -- C:\Program Files\Wait.exe
    [2011/12/03 15:04:57 | 000,046,592 | ---- | C] () -- C:\Program Files\UXFSE.DLL
    [2011/12/03 15:04:57 | 000,028,672 | ---- | C] () -- C:\Program Files\TestImage2Pdf.dll
    [2011/12/03 15:04:57 | 000,024,576 | ---- | C] () -- C:\Program Files\VisioVBA.dll
    [2011/12/03 15:04:57 | 000,024,576 | ---- | C] () -- C:\Program Files\UFioDll.dll
    [2011/12/03 15:04:57 | 000,020,480 | ---- | C] () -- C:\Program Files\UnInstall.exe
    [2011/12/03 15:04:57 | 000,000,462 | ---- | C] () -- C:\Program Files\WEBSYNC.INI
    [2011/12/03 15:04:56 | 000,868,352 | ---- | C] () -- C:\Program Files\SlideBarDLL.dll
    [2011/12/03 15:04:56 | 000,094,208 | ---- | C] () -- C:\Program Files\ScanModule.dll
    [2011/12/03 15:04:56 | 000,032,768 | ---- | C] () -- C:\Program Files\Restore.dll
    [2011/12/03 15:04:56 | 000,032,768 | ---- | C] () -- C:\Program Files\ReadFileData.dll
    [2011/12/03 15:04:56 | 000,028,672 | ---- | C] () -- C:\Program Files\SaveToJpg.dll
    [2011/12/03 15:04:56 | 000,028,672 | ---- | C] () -- C:\Program Files\ReadTxtInfo.dll
    [2011/12/03 15:04:55 | 000,208,896 | ---- | C] () -- C:\Program Files\RapDocImg.dll
    [2011/12/03 15:04:55 | 000,053,248 | ---- | C] () -- C:\Program Files\PrnDrvSetup.dll
    [2011/12/03 15:04:55 | 000,049,152 | ---- | C] () -- C:\Program Files\Print.dll
    [2011/12/03 15:04:55 | 000,045,056 | ---- | C] () -- C:\Program Files\PrintHook.dll
    [2011/12/03 15:04:55 | 000,040,960 | ---- | C] () -- C:\Program Files\Prestopm_CN.exe
    [2011/12/03 15:04:55 | 000,032,768 | ---- | C] () -- C:\Program Files\PrintFunLnk.dll
    [2011/12/03 15:04:55 | 000,000,702 | ---- | C] () -- C:\Program Files\PrnSetup.ini
    [2011/12/03 15:04:54 | 000,028,672 | ---- | C] () -- C:\Program Files\PowerTVBA.dll
    [2011/12/03 15:04:53 | 000,165,888 | ---- | C] () -- C:\Program Files\PTLIB.dll
    [2011/12/03 15:04:53 | 000,051,136 | ---- | C] () -- C:\Program Files\Pmapps.ini
    [2011/12/03 15:04:53 | 000,045,056 | ---- | C] () -- C:\Program Files\PerformOcr.dll
    [2011/12/03 15:04:53 | 000,040,448 | ---- | C] () -- C:\Program Files\PMXpsView.dll
    [2011/12/03 15:04:53 | 000,024,576 | ---- | C] () -- C:\Program Files\PMXpsHostView.dll
    [2011/12/03 15:04:53 | 000,002,070 | ---- | C] () -- C:\Program Files\Pm.ini
    [2011/12/03 15:04:52 | 001,171,456 | ---- | C] () -- C:\Program Files\PMView.dll
    [2011/12/03 15:04:52 | 000,366,888 | ---- | C] () -- C:\Program Files\PMToApp.ilk
    [2011/12/03 15:04:52 | 000,253,952 | ---- | C] () -- C:\Program Files\PMTree.dll
    [2011/12/03 15:04:52 | 000,098,304 | ---- | C] () -- C:\Program Files\PMVLink.dll
    [2011/12/03 15:04:52 | 000,040,960 | ---- | C] () -- C:\Program Files\PMVoice.dll
    [2011/12/03 15:04:52 | 000,032,768 | ---- | C] () -- C:\Program Files\PMXpsCreator.dll
    [2011/12/03 15:04:51 | 000,180,224 | ---- | C] () -- C:\Program Files\PMScnSet.dll
    [2011/12/03 15:04:51 | 000,151,552 | ---- | C] () -- C:\Program Files\PMSearch.dll
    [2011/12/03 15:04:51 | 000,081,920 | ---- | C] () -- C:\Program Files\PMSave.dll
    [2011/12/03 15:04:51 | 000,057,344 | ---- | C] () -- C:\Program Files\PMStatus.dll
    [2011/12/03 15:04:51 | 000,049,152 | ---- | C] () -- C:\Program Files\PMSet.dll


    END FIRST HALF OF REPORT
     
    dispatch trophy,
    #13
  15. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    THIRD QUARTER OTL SCAN BEGINNING:

    [2011/12/03 15:04:51 | 000,036,864 | ---- | C] () -- C:\Program Files\PMSavePdf.dll
    [2011/12/03 15:04:51 | 000,032,768 | ---- | C] () -- C:\Program Files\PMSaveXPS.dll
    [2011/12/03 15:04:50 | 000,290,816 | ---- | C] () -- C:\Program Files\PMPageVW.dll
    [2011/12/03 15:04:50 | 000,176,128 | ---- | C] () -- C:\Program Files\PMImgVW.dll
    [2011/12/03 15:04:50 | 000,086,016 | ---- | C] () -- C:\Program Files\PMProp.dll
    [2011/12/03 15:04:50 | 000,073,728 | ---- | C] () -- C:\Program Files\PMNotes.exe
    [2011/12/03 15:04:50 | 000,036,864 | ---- | C] () -- C:\Program Files\PMPDFView.dll
    [2011/12/03 15:04:50 | 000,005,056 | ---- | C] () -- C:\Program Files\PMMAIL.EXE
    [2011/12/03 15:04:49 | 000,294,912 | ---- | C] () -- C:\Program Files\PMAppBar.dll
    [2011/12/03 15:04:49 | 000,249,856 | ---- | C] () -- C:\Program Files\PMDB.dll
    [2011/12/03 15:04:49 | 000,180,307 | ---- | C] () -- C:\Program Files\PMINSO.dll
    [2011/12/03 15:04:49 | 000,155,648 | ---- | C] () -- C:\Program Files\PMCommon.dll
    [2011/12/03 15:04:49 | 000,094,208 | ---- | C] () -- C:\Program Files\PMDocVW.dll
    [2011/12/03 15:04:49 | 000,057,344 | ---- | C] () -- C:\Program Files\PMISM.dll
    [2011/12/03 15:04:49 | 000,045,056 | ---- | C] () -- C:\Program Files\PMExeBud.dll
    [2011/12/03 15:04:49 | 000,040,960 | ---- | C] () -- C:\Program Files\PMIEVW.dll
    [2011/12/03 15:04:48 | 000,315,392 | ---- | C] () -- C:\Program Files\PMAnoSet.dll
    [2011/12/03 15:04:48 | 000,131,072 | ---- | C] () -- C:\Program Files\PMANO.dll
    [2011/12/03 15:04:48 | 000,110,592 | ---- | C] () -- C:\Program Files\PDFWriter.dll
    [2011/12/03 15:04:48 | 000,102,400 | ---- | C] () -- C:\Program Files\PMApSet.dll
    [2011/12/03 15:04:48 | 000,069,632 | ---- | C] () -- C:\Program Files\PHooKDlg.dll
    [2011/12/03 15:04:48 | 000,040,960 | ---- | C] () -- C:\Program Files\PDFWDLL.dll
    [2011/12/03 15:04:48 | 000,028,672 | ---- | C] () -- C:\Program Files\OutlookVBA.dll
    [2011/12/03 15:04:48 | 000,001,879 | ---- | C] () -- C:\Program Files\PMAPPU.INI
    [2011/12/03 15:04:47 | 000,126,976 | ---- | C] () -- C:\Program Files\OCR.dll
    [2011/12/03 15:04:47 | 000,040,960 | ---- | C] () -- C:\Program Files\NsWaitApp.exe
    [2011/12/03 15:04:47 | 000,000,603 | ---- | C] () -- C:\Program Files\OCRLang.ini
    [2011/12/03 15:04:46 | 000,098,304 | ---- | C] () -- C:\Program Files\NsScan.dll
    [2011/12/03 15:04:46 | 000,069,632 | ---- | C] () -- C:\Program Files\NsSavePdf.exe
    [2011/12/03 15:04:46 | 000,061,440 | ---- | C] () -- C:\Program Files\NsScanToPdf.exe
    [2011/12/03 15:04:46 | 000,036,864 | ---- | C] () -- C:\Program Files\NsScanToOcr.exe
    [2011/12/03 15:04:45 | 000,557,056 | ---- | C] () -- C:\Program Files\NsPdf.dll
    [2011/12/03 15:04:45 | 000,527,624 | ---- | C] () -- C:\Program Files\Netsearch.avi
    [2011/12/03 15:04:45 | 000,061,440 | ---- | C] () -- C:\Program Files\NsFip.dll
    [2011/12/03 15:04:45 | 000,040,960 | ---- | C] () -- C:\Program Files\NetFun98.dll
    [2011/12/03 15:04:45 | 000,040,960 | ---- | C] () -- C:\Program Files\NetFun2K.dll
    [2011/12/03 15:04:45 | 000,036,864 | ---- | C] () -- C:\Program Files\Noteslnk.DLL
    [2011/12/03 15:04:45 | 000,032,768 | ---- | C] () -- C:\Program Files\NsOEMKey.dll
    [2011/12/03 15:04:45 | 000,032,768 | ---- | C] () -- C:\Program Files\NewsoftLink.dll
    [2011/12/03 15:04:45 | 000,028,672 | ---- | C] () -- C:\Program Files\NetScanDll.dll
    [2011/12/03 15:04:45 | 000,028,672 | ---- | C] () -- C:\Program Files\NetGroupDll.dll
    [2011/12/03 15:04:45 | 000,002,538 | ---- | C] () -- C:\Program Files\NetScanDll.lib
    [2011/12/03 15:04:45 | 000,000,666 | ---- | C] () -- C:\Program Files\NsFunTable.DB
    [2011/12/03 15:04:45 | 000,000,398 | ---- | C] () -- C:\Program Files\NsKeyTable.DB
    [2011/12/03 15:04:44 | 000,049,152 | ---- | C] () -- C:\Program Files\NSWia.dll
    [2011/12/03 15:04:44 | 000,049,152 | ---- | C] () -- C:\Program Files\NSMEM.dll
    [2011/12/03 15:04:44 | 000,028,672 | ---- | C] () -- C:\Program Files\NSWinZip.dll
    [2011/12/03 15:04:44 | 000,028,672 | ---- | C] () -- C:\Program Files\NetDll.dll
    [2011/12/03 15:04:44 | 000,024,576 | ---- | C] () -- C:\Program Files\NTSTHK16.DLL
    [2011/12/03 15:04:44 | 000,020,480 | ---- | C] () -- C:\Program Files\MsMail.exe
    [2011/12/03 15:04:44 | 000,018,944 | ---- | C] () -- C:\Program Files\NTSTHK32.DLL
    [2011/12/03 15:04:44 | 000,009,606 | ---- | C] () -- C:\Program Files\NEWSOFT
    [2011/12/03 15:04:43 | 000,507,904 | ---- | C] () -- C:\Program Files\MergePDF.dll
    [2011/12/03 15:04:42 | 000,114,688 | ---- | C] () -- C:\Program Files\jpeglib.dll
    [2011/12/03 15:04:42 | 000,098,304 | ---- | C] () -- C:\Program Files\ComClass.dll
    [2011/12/03 15:04:42 | 000,069,632 | ---- | C] () -- C:\Program Files\DibToMpeg.dll
    [2011/12/03 15:04:42 | 000,040,960 | ---- | C] () -- C:\Program Files\ExcelVBA.dll
    [2011/12/03 15:04:42 | 000,028,672 | ---- | C] () -- C:\Program Files\Import.dll
    [2011/12/03 15:04:42 | 000,028,672 | ---- | C] () -- C:\Program Files\GetPhotoPath.dll
    [2011/12/03 15:04:42 | 000,024,576 | ---- | C] () -- C:\Program Files\InitCtrl.dll
    [2011/12/03 15:04:41 | 000,110,592 | ---- | C] () -- C:\Program Files\AutoCrop.dll
    [2011/12/03 15:04:41 | 000,028,672 | ---- | C] () -- C:\Program Files\CloseNetGroup.exe
    [2011/12/03 15:04:41 | 000,024,576 | ---- | C] () -- C:\Program Files\AutmnXls.dll
    [2011/12/03 15:04:41 | 000,024,576 | ---- | C] () -- C:\Program Files\AutmnPpt.dll
    [2011/12/03 15:04:41 | 000,024,576 | ---- | C] () -- C:\Program Files\AutmnDoc.dll
    [2011/12/03 15:04:41 | 000,000,037 | ---- | C] () -- C:\Program Files\AppClassName.ini
    [2011/12/03 15:01:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2011/12/03 14:54:34 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CanoScan Toolbox 5.0.lnk
    [2011/12/03 14:54:07 | 000,001,952 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CanoScan LiDE 600F On-screen Manual.lnk
    [2011/12/03 14:51:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\user account\My Documents\sta_per
    [2011/12/03 14:51:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user account\My Documents\sta_req
    [2011/12/02 23:38:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/02 23:38:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/02 09:30:35 | 000,057,685 | ---- | C] () -- C:\WINDOWS\result.cab
    [2011/12/02 03:18:53 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/02 00:44:20 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2011/12/02 00:44:20 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2011/12/01 20:49:45 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/12/01 20:49:45 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/12/01 20:49:45 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/12/01 19:57:05 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\user account\Desktop\Verizon Message Center.lnk
    [2011/12/01 19:57:05 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\user account\Desktop\My Verizon.lnk
    [2011/12/01 19:57:05 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\user account\Desktop\Search.lnk
    [2011/11/30 21:07:43 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\TheWorld.lnk
    [2011/11/30 21:07:43 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TheWorld.lnk
    [2011/11/30 21:07:43 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TheWorld.lnk
    [2011/11/30 16:38:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/11/30 16:37:36 | 000,002,022 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    [2011/11/30 16:37:36 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2011/11/30 16:31:06 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
    [2011/11/30 16:13:09 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\user account\Start Menu\Programs\Startup\Hewlett-Packard Recorder.lnk
    [2011/11/30 15:58:35 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet v series) - 1.lnk
    [2011/11/30 15:58:35 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hp officejet v series.lnk
    [2011/11/30 15:56:34 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2011/11/30 15:12:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2011/11/30 15:12:21 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\macrovsn.dll
    [2011/11/30 15:12:21 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MMDVDROM.dll
    [2011/11/30 15:12:21 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\getregn.exe
    [2011/11/30 15:01:14 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user account\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/30 15:01:14 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\RealJukebox.lnk
    [2011/11/30 15:01:14 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/11/30 15:01:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2011/11/30 15:01:14 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/11/30 15:01:14 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer Basic.lnk
    [2011/11/30 15:01:14 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/11/30 15:01:12 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\user account\Start Menu\Programs\Remote Assistance.lnk
    [2011/11/30 15:01:12 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\user account\Start Menu\Programs\Internet Explorer.lnk
    [2011/11/30 15:01:12 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\user account\Start Menu\Programs\Windows Media Player.lnk
    [2011/11/30 15:01:12 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\user account\Start Menu\Programs\Outlook Express.lnk
    [2011/11/30 15:00:25 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 3.job
    [2011/11/30 15:00:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 2.job
    [2011/11/30 15:00:24 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 1.job
    [2011/11/30 15:00:20 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Explorer.lnk
    [2011/11/30 15:00:20 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Media Player.lnk
    [2011/11/30 14:39:27 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5500a.aio
    [2011/11/30 14:39:27 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5400a.aio
    [2011/11/30 14:39:27 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5300a.aio
    [2001/12/14 17:17:55 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2001/12/14 15:03:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
    [2001/12/14 15:02:55 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
    [2001/12/14 14:46:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2001/12/14 14:44:06 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2001/12/14 14:44:05 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
    [2001/12/14 14:44:05 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2001/12/14 14:35:03 | 000,000,502 | ---- | C] () -- C:\WINDOWS\photoprn.ini
    [2001/12/14 14:04:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
    [2001/12/14 14:03:19 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2001/12/14 14:03:19 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2001/12/14 14:03:17 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2001/12/14 13:14:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2001/12/14 12:45:42 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2001/12/14 12:44:54 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2001/12/14 12:40:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2001/12/14 12:36:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2001/12/14 11:26:35 | 000,605,288 | ---- | C] () -- C:\WINDOWS\Q312368.EXE
    [2001/12/14 11:26:34 | 000,458,344 | ---- | C] () -- C:\WINDOWS\Q308677.EXE
    [2001/12/14 11:26:34 | 000,290,920 | ---- | C] () -- C:\WINDOWS\Q311889.EXE
    [2001/12/14 11:26:34 | 000,159,336 | ---- | C] () -- C:\WINDOWS\Q307271.exe
    [2001/12/14 11:26:24 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2001/12/14 11:25:57 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2001/12/14 11:25:56 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
    [2001/12/14 11:25:55 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/12/14 11:25:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/12/14 11:25:55 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/12/14 11:25:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/12/14 11:25:53 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/12/14 11:25:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/12/14 11:25:52 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/12/14 11:25:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/12/14 11:25:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/12/14 11:25:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/12/14 11:25:29 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2001/12/14 04:31:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2001/12/14 04:30:44 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== LOP Check ==========

    [2011/12/02 03:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/03 15:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2001/12/14 14:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
    [2001/12/14 14:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2011/12/03 14:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user account\Application Data\Canon
    [2001/12/14 14:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user account\Application Data\InterTrust
    [2011/12/03 15:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user account\Application Data\NewSoft
    [2011/12/03 15:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user account\Application Data\ScanSoft
    [2011/11/30 15:00:24 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
    [2011/11/30 15:00:25 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
    [2011/11/30 15:00:25 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/12/02 11:02:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/12/01 19:04:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.CAM
    [2011/11/30 15:00:26 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2011/12/03 21:40:21 | 000,000,310 | RHS- | M] () -- C:\boot.ini
    [2001/08/17 13:49:34 | 000,237,728 | RHS- | M] () -- C:\cmldr
    [2011/12/03 22:06:28 | 000,014,858 | ---- | M] () -- C:\ComboFix.txt
    [2001/12/14 12:38:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/12/04 11:33:52 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
    [2001/12/14 12:38:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2001/12/14 12:38:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2001/08/18 04:00:00 | 000,045,124 | RHS- | M] () -- C:\NTDETECT.COM
    [2001/08/18 04:00:00 | 000,222,368 | RHS- | M] () -- C:\ntldr
    [2011/12/04 11:33:47 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2001/12/14 12:38:14 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2004/10/14 18:59:02 | 000,000,180 | ---- | M] () -- C:\Program Files\2003MSG.ini
    [2003/01/08 02:09:36 | 000,000,037 | ---- | M] () -- C:\Program Files\AppClassName.ini
    [2003/09/11 08:49:58 | 000,167,936 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\AudioData.dll
    [2006/07/11 11:02:46 | 000,024,576 | ---- | M] () -- C:\Program Files\AutmnDoc.dll
    [2006/07/11 11:02:58 | 000,024,576 | ---- | M] () -- C:\Program Files\AutmnPpt.dll
    [2006/07/11 11:03:06 | 000,024,576 | ---- | M] () -- C:\Program Files\AutmnXls.dll
    [2005/05/26 04:26:24 | 000,110,592 | ---- | M] () -- C:\Program Files\AutoCrop.dll
    [2006/09/20 11:09:14 | 000,024,576 | ---- | M] (newsoft) -- C:\Program Files\AvalonPage.dll
    [2001/06/29 16:50:52 | 000,249,856 | ---- | M] (NewSoft) -- C:\Program Files\Avi2Mpeg1.dll
    [2003/02/24 09:31:06 | 000,360,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\AviToMpeg2.dll
    [1999/11/04 09:17:58 | 000,000,000 | ---- | M] () -- C:\Program Files\BITSOFT.DIR
    [1999/01/13 17:50:28 | 000,463,542 | ---- | M] () -- C:\Program Files\BOLD.PAT
    [2004/02/04 15:57:32 | 000,159,744 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\Burn.dll
    [2004/01/02 18:01:26 | 000,045,056 | ---- | M] ( NewSoft Technology Corporation) -- C:\Program Files\BurnRes.dll
    [2004/02/24 17:16:00 | 000,032,768 | ---- | M] () -- C:\Program Files\ccmllnk.dll
    [2002/12/21 07:38:20 | 000,028,672 | ---- | M] () -- C:\Program Files\CloseNetGroup.exe
    [2005/03/15 10:48:14 | 000,036,864 | ---- | M] () -- C:\Program Files\cmdlnk.dll
    [1998/06/01 07:05:00 | 000,024,576 | ---- | M] () -- C:\Program Files\codecvt.dll
    [2005/04/08 09:25:48 | 000,098,304 | ---- | M] () -- C:\Program Files\ComClass.dll
    [2004/09/17 16:18:24 | 000,139,264 | ---- | M] () -- C:\Program Files\Convert.exe
    [1999/11/01 21:36:24 | 002,249,060 | ---- | M] () -- C:\Program Files\CZECH.LCD
    [1999/11/01 21:35:46 | 000,111,817 | ---- | M] () -- C:\Program Files\CZECH.LMD
    [1999/11/01 22:44:00 | 002,918,400 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\DA.DLL
    [1999/11/01 21:31:54 | 002,317,496 | ---- | M] () -- C:\Program Files\DANISH.LCD
    [1999/11/01 21:31:20 | 000,054,823 | ---- | M] () -- C:\Program Files\DANISH.LMD
    [2005/03/28 17:31:20 | 000,122,880 | ---- | M] () -- C:\Program Files\dcexport.dll
    [2005/03/28 17:31:24 | 000,065,536 | ---- | M] () -- C:\Program Files\dcfr.dll
    [2003/12/22 17:30:00 | 000,000,494 | ---- | M] () -- C:\Program Files\Default.rec
    [2003/02/24 09:31:08 | 000,069,632 | ---- | M] () -- C:\Program Files\DibToMpeg.dll
    [1999/11/01 21:31:20 | 003,059,143 | ---- | M] () -- C:\Program Files\DUTCH.LCD
    [1999/11/01 21:30:36 | 000,089,337 | ---- | M] () -- C:\Program Files\DUTCH.LMD
    [1999/11/01 21:04:04 | 000,090,624 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE0.DLL
    [1999/11/02 13:04:24 | 000,093,184 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE1.DLL
    [1999/11/02 13:06:26 | 000,089,088 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE13.DLL
    [1999/10/28 11:21:32 | 000,089,600 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE15.DLL
    [1999/11/02 13:04:40 | 000,092,672 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE2.DLL
    [1999/11/02 13:06:44 | 000,098,816 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE20.DLL
    [1999/11/02 13:07:00 | 000,088,576 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE23.DLL
    [1999/11/02 13:05:00 | 000,092,160 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE3.DLL
    [1999/11/02 13:05:30 | 000,090,112 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE5.DLL
    [1999/11/02 13:05:48 | 000,091,136 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE6.DLL
    [1999/11/02 13:06:08 | 000,089,088 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ENGINE7.DLL
    [1999/11/01 21:27:04 | 000,940,312 | ---- | M] () -- C:\Program Files\ENGLISH.LCD
    [1999/11/01 21:26:50 | 000,085,986 | ---- | M] () -- C:\Program Files\ENGLISH.LMD
    [2004/04/14 16:47:12 | 000,040,960 | ---- | M] () -- C:\Program Files\ExcelVBA.dll
    [1999/09/17 13:11:48 | 000,037,376 | ---- | M] () -- C:\Program Files\ExeBud32.dll
    [2006/10/14 09:36:32 | 000,000,065 | ---- | M] () -- C:\Program Files\Execute.ini
    [1999/11/01 22:46:02 | 000,794,624 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\EXPORT.DLL
    [2000/09/06 16:47:32 | 000,036,864 | ---- | M] () -- C:\Program Files\EXPupk32.EXE
    [2004/05/17 10:23:48 | 000,049,152 | ---- | M] () -- C:\Program Files\expvw.exe
    [2004/01/02 18:07:18 | 000,270,336 | ---- | M] () -- C:\Program Files\EzBres.dll
    [2003/05/22 16:12:16 | 000,024,576 | ---- | M] () -- C:\Program Files\faxlnk.dll
    [2002/10/07 17:30:46 | 000,167,995 | ---- | M] () -- C:\Program Files\fid.dll
    [1999/11/03 17:19:30 | 000,381,440 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\FineOCREngine.dll
    [1999/11/01 21:34:04 | 004,525,579 | ---- | M] () -- C:\Program Files\FINNISH.LCD
    [1999/11/01 21:32:40 | 001,078,711 | ---- | M] () -- C:\Program Files\FINNISH.LMD
    [1997/04/24 09:05:36 | 000,270,848 | ---- | M] () -- C:\Program Files\Fioall.dll
    [2004/11/12 16:06:20 | 000,000,024 | ---- | M] () -- C:\Program Files\Fioall.ini
    [2005/07/28 18:52:18 | 000,114,688 | ---- | M] (newsoftinc) -- C:\Program Files\Fioall32.dll
    [2003/11/30 17:57:28 | 000,032,768 | ---- | M] (newsoftinc) -- C:\Program Files\FioBmp32.dll
    [1997/05/16 15:54:14 | 000,130,560 | ---- | M] () -- C:\Program Files\FioExt32.dll
    [2003/11/30 18:02:08 | 000,159,744 | ---- | M] (newsoftinc) -- C:\Program Files\FioFpx32.dll
    [2003/11/30 18:04:58 | 000,135,168 | ---- | M] (newsoftinc) -- C:\Program Files\fiogif32.dll
    [2003/11/30 18:05:38 | 000,139,264 | ---- | M] (newsoftinc) -- C:\Program Files\FioJpg32.dll
    [2003/11/30 18:08:26 | 000,135,168 | ---- | M] (newsoftinc) -- C:\Program Files\FioPcd32.dll
    [2005/07/25 18:02:18 | 000,036,864 | ---- | M] (newsoftinc) -- C:\Program Files\fiopct32.dll
    [2003/11/30 18:13:04 | 000,032,768 | ---- | M] (newsoftinc) -- C:\Program Files\FioPcx32.dll
    [2003/11/30 18:13:12 | 000,221,184 | ---- | M] (newsoftinc) -- C:\Program Files\fiopng32.dll
    [2003/11/30 18:14:02 | 000,135,248 | ---- | M] (newsoftinc) -- C:\Program Files\FioPof32.dll
    [2003/11/30 18:14:24 | 000,032,768 | ---- | M] (newsoftinc) -- C:\Program Files\FioPsd32.dll
    [2004/07/01 15:08:34 | 000,143,360 | ---- | M] (newsoftinc) -- C:\Program Files\FioTga32.dll
    [2003/07/29 06:33:00 | 000,032,768 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\FioThumb.dll
    [2005/07/25 17:11:22 | 000,303,104 | ---- | M] (newsoftinc) -- C:\Program Files\Fiotif32.dll
    [2004/04/21 15:28:22 | 000,028,672 | ---- | M] (newsoftinc) -- C:\Program Files\FioWmf32.dll
    [1999/09/02 19:54:28 | 002,033,664 | ---- | M] (ABBYY Software House (BIT Software)) -- C:\Program Files\FOBJ420.DLL
    [2003/05/22 16:12:22 | 000,028,672 | ---- | M] () -- C:\Program Files\foldrlnk.dll
    [2002/08/27 13:48:54 | 000,000,329 | ---- | M] () -- C:\Program Files\FontTok.ini
    [2000/11/23 02:08:08 | 000,368,640 | ---- | M] () -- C:\Program Files\fpxlib.dll
    [1999/11/01 21:28:46 | 000,854,976 | ---- | M] () -- C:\Program Files\FRENCH.LCD
    [1999/11/01 21:28:34 | 000,107,075 | ---- | M] () -- C:\Program Files\FRENCH.LMD
    [2004/01/13 14:22:52 | 000,000,026 | ---- | M] () -- C:\Program Files\Function.ini
    [2001/08/24 07:25:28 | 001,706,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
    [1999/11/01 21:28:34 | 001,996,754 | ---- | M] () -- C:\Program Files\GERMAN.LCD
    [1999/11/01 21:27:58 | 000,290,211 | ---- | M] () -- C:\Program Files\GERMAN.LMD
    [2002/10/11 15:12:48 | 000,028,672 | ---- | M] () -- C:\Program Files\GetPhotoPath.dll
    [2011/12/03 15:08:27 | 000,000,064 | ---- | M] () -- C:\Program Files\GetPhotoPath.ini
    [1999/11/01 21:38:30 | 002,298,037 | ---- | M] () -- C:\Program Files\GREEK.LCD
    [1999/11/01 21:37:50 | 000,078,353 | ---- | M] () -- C:\Program Files\GREEK.LMD
    [1999/11/01 22:16:54 | 000,619,008 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\GRINF11.DLL
    [2003/04/09 23:51:32 | 000,028,672 | ---- | M] () -- C:\Program Files\hookdll.dll
    [1998/02/13 17:02:12 | 000,000,001 | ---- | M] () -- C:\Program Files\HUNGAR.LCD
    [2006/09/13 09:19:50 | 000,323,584 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\iConvert16.dll
    [2001/05/30 15:00:00 | 000,352,256 | ---- | M] (Intel Corporation) -- C:\Program Files\ijl15.dll
    [1999/11/01 22:16:12 | 000,644,096 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\IMAGE.DLL
    [2002/02/06 10:17:22 | 000,028,672 | ---- | M] () -- C:\Program Files\ImgToAviExe.dll
    [2005/03/28 17:31:16 | 000,331,776 | ---- | M] () -- C:\Program Files\imgtool.dll
    [2003/04/23 06:40:52 | 000,028,672 | ---- | M] () -- C:\Program Files\Import.dll
    [2003/05/26 09:58:22 | 000,122,880 | ---- | M] () -- C:\Program Files\ImportOldDB.exe
    [2003/05/22 16:07:52 | 000,024,576 | ---- | M] () -- C:\Program Files\InitCtrl.dll
    [2003/12/10 18:26:14 | 000,159,744 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\Ism.dll
    [2003/11/30 17:49:44 | 000,061,440 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\IsmDraw.dll
    [1999/11/01 21:30:34 | 002,511,811 | ---- | M] () -- C:\Program Files\ITALIAN.LCD
    [1999/11/01 21:29:56 | 000,247,882 | ---- | M] () -- C:\Program Files\ITALIAN.LMD
    [1999/01/13 23:48:28 | 000,536,146 | ---- | M] () -- C:\Program Files\ITALIC.PAT
    [1998/12/03 21:44:20 | 000,272,324 | ---- | M] () -- C:\Program Files\ITALIC.PTS
    [2000/11/23 02:06:30 | 000,114,688 | ---- | M] () -- C:\Program Files\jpeglib.dll
    [2005/02/04 16:03:32 | 000,031,744 | ---- | M] (Newsoft) -- C:\Program Files\JpgLib.dll
    [2002/03/16 23:03:30 | 001,933,312 | ---- | M] () -- C:\Program Files\lcppn22.dll
    [1999/11/01 22:20:06 | 001,122,816 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\LCSPELL.DLL
    [2004/12/30 21:23:46 | 000,003,095 | ---- | M] () -- C:\Program Files\LICENSE of Info-Zip.txt
    [2005/01/19 18:58:30 | 000,126,976 | ---- | M] () -- C:\Program Files\LiveUpdate.dll
    [2005/03/04 13:57:28 | 000,409,600 | ---- | M] () -- C:\Program Files\LiveUpdateTray.exe
    [2003/11/30 18:26:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Lpm.dll
    [2006/06/29 03:10:12 | 000,000,164 | ---- | M] () -- C:\Program Files\LUTRAY.ini
    [2005/03/21 19:32:22 | 000,000,160 | ---- | M] () -- C:\Program Files\LUTRAYMSG.ini
    [2002/01/18 00:30:42 | 000,009,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\lzexpand.dlx
    [2005/02/02 10:02:00 | 000,028,672 | ---- | M] () -- C:\Program Files\mapilnk.dll
    [1999/01/14 23:11:32 | 000,439,460 | ---- | M] () -- C:\Program Files\MATRIX.PAT
    [1999/02/02 19:35:14 | 000,233,828 | ---- | M] () -- C:\Program Files\MATRIX.PTS
    [1998/06/01 07:04:00 | 000,040,448 | ---- | M] () -- C:\Program Files\memio.dll
    [2006/06/15 10:09:14 | 000,507,904 | ---- | M] () -- C:\Program Files\MergePDF.dll
    [1999/05/06 14:22:00 | 000,933,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MFC40.DLL
    [2000/01/11 03:00:00 | 000,995,383 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL
    [2002/04/25 15:32:52 | 000,000,297 | ---- | M] () -- C:\Program Files\Mpg1
    [2003/05/20 10:33:06 | 000,020,480 | ---- | M] () -- C:\Program Files\MsMail.exe
    [2000/01/10 12:00:00 | 000,077,878 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
    [2000/01/11 12:00:00 | 000,565,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcp50.dll
    [1998/06/18 11:52:16 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSVCP60.DLL
    [2000/01/10 12:00:00 | 000,295,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
    [2002/10/08 09:51:46 | 000,028,672 | ---- | M] () -- C:\Program Files\NetDll.dll
    [2005/04/14 11:39:28 | 000,040,960 | ---- | M] () -- C:\Program Files\NetFun2K.dll
    [2005/04/14 11:39:38 | 000,040,960 | ---- | M] () -- C:\Program Files\NetFun98.dll
    [2004/12/20 10:40:32 | 000,077,824 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NetGroup.exe
    [2004/12/20 10:23:14 | 000,028,672 | ---- | M] () -- C:\Program Files\NetGroupDll.dll
    [2006/02/27 16:22:12 | 000,028,672 | ---- | M] () -- C:\Program Files\NetScanDll.dll
    [2002/12/19 01:33:00 | 000,002,538 | ---- | M] () -- C:\Program Files\NetScanDll.lib
    [2003/04/28 12:15:04 | 000,001,353 | ---- | M] () -- C:\Program Files\NetScan_Strings.ini
    [2003/04/11 01:45:44 | 000,527,624 | ---- | M] () -- C:\Program Files\Netsearch.avi
    [2005/06/01 00:28:14 | 000,009,606 | ---- | M] () -- C:\Program Files\NEWSOFT
    [2005/03/19 17:56:28 | 000,032,768 | ---- | M] () -- C:\Program Files\NewsoftLink.dll
    [2002/11/06 07:49:12 | 000,114,739 | ---- | M] () -- C:\Program Files\nextpwd.dll
    [1999/11/01 21:48:50 | 000,122,368 | ---- | M] () -- C:\Program Files\NGRMCSY.DLL
    [1999/11/01 21:48:54 | 000,037,888 | ---- | M] () -- C:\Program Files\NGRMDAN.DLL
    [1999/11/01 21:48:58 | 000,061,440 | ---- | M] () -- C:\Program Files\NGRMDUT.DLL
    [1999/11/01 21:49:06 | 000,025,088 | ---- | M] () -- C:\Program Files\NGRMENG.DLL
    [1999/11/01 21:49:18 | 000,027,136 | ---- | M] () -- C:\Program Files\NGRMFIN.DLL
    [1999/11/01 21:49:22 | 000,063,488 | ---- | M] () -- C:\Program Files\NGRMFRA.DLL
    [1999/11/01 21:49:26 | 000,039,424 | ---- | M] () -- C:\Program Files\NGRMGER.DLL
    [1999/11/01 21:49:32 | 000,040,960 | ---- | M] () -- C:\Program Files\NGRMGRE.DLL
    [1999/11/01 21:49:38 | 000,054,784 | ---- | M] () -- C:\Program Files\NGRMITA.DLL
    [1999/11/01 21:49:44 | 000,034,816 | ---- | M] () -- C:\Program Files\NGRMNON.DLL
    [1999/11/01 21:49:42 | 000,034,816 | ---- | M] () -- C:\Program Files\NGRMNOR.DLL
    [1999/11/01 21:49:48 | 000,059,392 | ---- | M] () -- C:\Program Files\NGRMPLK.DLL
    [1999/11/01 21:49:52 | 000,096,768 | ---- | M] () -- C:\Program Files\NGRMPTG.DLL
    [1999/11/01 21:50:00 | 000,034,816 | ---- | M] () -- C:\Program Files\NGRMRUS.DLL
    [1999/11/01 21:50:04 | 000,059,392 | ---- | M] () -- C:\Program Files\NGRMSPN.DLL
    [1999/11/01 21:50:08 | 000,040,960 | ---- | M] () -- C:\Program Files\NGRMSWE.DLL
    [1999/11/01 21:50:14 | 000,054,784 | ---- | M] () -- C:\Program Files\NGRMTRK.DLL

    END THIRD QUARTER OTL SCAN
     
    dispatch trophy,
    #14
  16. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    BEGINNING 4TH QUARTER OTL SCAN


    [1999/01/19 19:21:58 | 000,652,596 | ---- | M] () -- C:\Program Files\NORMAL.PAT
    [1999/01/18 22:36:42 | 000,443,488 | ---- | M] () -- C:\Program Files\NORMAL.PTS
    [1999/11/01 21:34:44 | 002,475,240 | ---- | M] () -- C:\Program Files\NORWBOK.LCD
    [1999/11/01 21:34:06 | 000,055,721 | ---- | M] () -- C:\Program Files\NORWBOK.LMD
    [1999/11/01 21:35:10 | 001,596,307 | ---- | M] () -- C:\Program Files\NORWNYN.LCD
    [1999/11/01 21:34:46 | 000,042,851 | ---- | M] () -- C:\Program Files\NORWNYN.LMD
    [2004/12/30 17:20:48 | 000,036,864 | ---- | M] () -- C:\Program Files\Noteslnk.DLL
    [2004/01/05 08:26:56 | 000,077,824 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\NSCDVD.dll
    [1998/07/23 10:08:28 | 000,061,440 | ---- | M] () -- C:\Program Files\NsFip.dll
    [2003/11/30 18:48:00 | 000,323,584 | ---- | M] () -- C:\Program Files\nsfpx.dll
    [2003/12/18 11:18:00 | 000,000,666 | ---- | M] () -- C:\Program Files\NsFunTable.DB
    [2003/12/18 11:17:56 | 000,000,398 | ---- | M] () -- C:\Program Files\NsKeyTable.DB
    [2004/03/03 10:18:20 | 000,049,152 | ---- | M] () -- C:\Program Files\NSMEM.dll
    [2003/12/18 13:52:46 | 000,032,768 | ---- | M] () -- C:\Program Files\NsOEMKey.dll
    [2003/02/20 10:39:06 | 000,557,056 | ---- | M] () -- C:\Program Files\NsPdf.dll
    [2005/07/01 13:14:28 | 000,069,632 | ---- | M] () -- C:\Program Files\NsSavePdf.exe
    [2006/02/15 16:04:50 | 000,098,304 | ---- | M] () -- C:\Program Files\NsScan.dll
    [2004/01/16 14:32:28 | 000,036,864 | ---- | M] () -- C:\Program Files\NsScanToOcr.exe
    [2006/09/20 10:46:34 | 000,061,440 | ---- | M] () -- C:\Program Files\NsScanToPdf.exe
    [2005/06/08 16:40:12 | 000,040,960 | ---- | M] () -- C:\Program Files\NsWaitApp.exe
    [2006/02/15 16:25:04 | 000,049,152 | ---- | M] () -- C:\Program Files\NSWia.dll
    [2004/02/09 12:01:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NSWinZip.dll
    [1996/03/21 05:51:10 | 000,024,576 | ---- | M] () -- C:\Program Files\NTSTHK16.DLL
    [1996/03/21 05:48:28 | 000,018,944 | ---- | M] () -- C:\Program Files\NTSTHK32.DLL
    [2006/07/19 17:35:52 | 000,126,976 | ---- | M] () -- C:\Program Files\OCR.dll
    [2003/04/16 17:11:30 | 000,000,064 | ---- | M] () -- C:\Program Files\ocr.str
    [2004/03/21 18:57:28 | 000,028,672 | ---- | M] () -- C:\Program Files\OCRLang.dll
    [2004/03/22 11:56:48 | 000,000,603 | ---- | M] () -- C:\Program Files\OCRLang.ini
    [2005/03/28 17:27:38 | 000,126,976 | ---- | M] () -- C:\Program Files\OCRUtil.dll
    [2001/07/31 18:09:26 | 000,168,448 | ---- | M] () -- C:\Program Files\OLDPNG32.DLL
    [2002/10/08 10:26:04 | 000,000,000 | ---- | M] () -- C:\Program Files\OnLine.txt
    [1999/09/15 02:52:24 | 000,557,056 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\OSmScan.exe
    [2004/12/31 13:11:56 | 000,028,672 | ---- | M] () -- C:\Program Files\OutlookVBA.dll
    [1999/09/17 13:11:38 | 000,120,320 | ---- | M] () -- C:\Program Files\pack.dll
    [1992/01/15 16:20:00 | 000,036,864 | ---- | M] () -- C:\Program Files\Palette.map
    [2005/06/15 19:56:54 | 000,001,676 | ---- | M] () -- C:\Program Files\Paper.lst
    [1999/01/18 22:10:02 | 000,055,900 | ---- | M] () -- C:\Program Files\PART.PAT
    [1998/06/05 21:10:22 | 000,026,384 | ---- | M] () -- C:\Program Files\PART.PTS
    [2005/03/28 17:31:34 | 000,245,760 | ---- | M] () -- C:\Program Files\pccrsdk.dll
    [1995/08/01 04:44:46 | 000,212,480 | ---- | M] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
    [2005/03/09 09:35:48 | 001,239,616 | ---- | M] (PDFlib GmbH) -- C:\Program Files\pdflib.dll
    [2005/03/19 18:56:22 | 000,040,960 | ---- | M] () -- C:\Program Files\PDFWDLL.dll
    [2006/08/01 10:27:04 | 000,110,592 | ---- | M] () -- C:\Program Files\PDFWriter.dll
    [2006/08/21 09:28:16 | 000,045,056 | ---- | M] () -- C:\Program Files\PerformOcr.dll
    [2004/12/27 12:31:14 | 000,069,632 | ---- | M] () -- C:\Program Files\PHooKDlg.dll
    [2011/12/03 16:00:11 | 000,002,070 | ---- | M] () -- C:\Program Files\Pm.ini
    [2002/12/11 11:37:14 | 000,090,112 | ---- | M] () -- C:\Program Files\Pm60DB.dll
    [2005/07/15 17:01:08 | 000,131,072 | ---- | M] () -- C:\Program Files\PMANO.dll
    [2005/05/25 16:51:22 | 000,315,392 | ---- | M] () -- C:\Program Files\PMAnoSet.dll
    [2005/03/11 16:27:14 | 000,294,912 | ---- | M] () -- C:\Program Files\PMAppBar.dll
    [2006/09/26 17:20:14 | 000,051,136 | ---- | M] () -- C:\Program Files\Pmapps.ini
    [2004/07/01 16:24:22 | 000,001,879 | ---- | M] () -- C:\Program Files\PMAPPU.INI
    [2005/09/06 10:47:46 | 000,102,400 | ---- | M] () -- C:\Program Files\PMApSet.dll
    [2006/09/14 10:41:44 | 000,155,648 | ---- | M] () -- C:\Program Files\PMCommon.dll
    [2003/12/26 10:42:48 | 000,045,056 | ---- | M] () -- C:\Program Files\pmdata.dll
    [2006/01/12 20:23:46 | 000,249,856 | ---- | M] () -- C:\Program Files\PMDB.dll
    [2005/02/22 10:13:44 | 000,094,208 | ---- | M] () -- C:\Program Files\PMDocVW.dll
    [2003/12/18 18:00:32 | 000,000,153 | ---- | M] () -- C:\Program Files\PMDrvStr.ini
    [2003/04/23 06:40:52 | 000,045,056 | ---- | M] () -- C:\Program Files\PMExeBud.dll
    [2004/05/28 14:46:22 | 000,040,960 | ---- | M] () -- C:\Program Files\PMIEVW.dll
    [2005/07/29 18:10:04 | 000,176,128 | ---- | M] () -- C:\Program Files\PMImgVW.dll
    [2006/08/21 10:42:24 | 000,180,307 | ---- | M] () -- C:\Program Files\PMINSO.dll
    [2005/08/15 09:13:50 | 000,057,344 | ---- | M] () -- C:\Program Files\PMISM.dll
    [1997/08/06 01:32:02 | 000,005,056 | ---- | M] () -- C:\Program Files\PMMAIL.EXE
    [2003/04/23 06:40:56 | 000,024,576 | ---- | M] (NewSoft Technology Corporation.) -- C:\Program Files\PMMKView.dll
    [2004/02/13 10:33:44 | 000,073,728 | ---- | M] () -- C:\Program Files\PMNotes.exe
    [2004/12/28 10:14:46 | 000,000,786 | ---- | M] () -- C:\Program Files\pmNotes.str
    [2006/09/19 14:54:04 | 000,290,816 | ---- | M] () -- C:\Program Files\PMPageVW.dll
    [2005/03/14 15:50:14 | 000,036,864 | ---- | M] () -- C:\Program Files\PMPDFView.dll
    [2003/12/01 19:27:12 | 000,000,442 | ---- | M] () -- C:\Program Files\PMPDFView.str
    [2005/07/25 19:53:24 | 000,086,016 | ---- | M] () -- C:\Program Files\PMProp.dll
    [2006/09/26 16:45:22 | 000,081,920 | ---- | M] () -- C:\Program Files\PMSave.dll
    [2006/09/20 10:36:24 | 000,036,864 | ---- | M] () -- C:\Program Files\PMSavePdf.dll
    [2004/12/06 11:16:48 | 000,000,234 | ---- | M] () -- C:\Program Files\pmsavepdf.str
    [2006/09/26 16:57:02 | 000,032,768 | ---- | M] () -- C:\Program Files\PMSaveXPS.dll
    [2006/10/10 17:24:16 | 000,147,456 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\Pmsb.exe
    [2011/12/03 15:08:27 | 000,001,725 | ---- | M] () -- C:\Program Files\pmsb.ini
    [2005/01/18 17:01:56 | 000,000,890 | ---- | M] () -- C:\Program Files\pmsb.str
    [2005/01/13 11:12:08 | 000,045,056 | ---- | M] () -- C:\Program Files\pmsb_CN.exe
    [2006/08/22 09:02:32 | 000,180,224 | ---- | M] () -- C:\Program Files\PMScnSet.dll
    [2006/09/15 09:06:24 | 000,151,552 | ---- | M] () -- C:\Program Files\PMSearch.dll
    [2005/04/08 09:28:06 | 000,049,152 | ---- | M] () -- C:\Program Files\PMSet.dll
    [2004/06/02 14:47:30 | 000,000,210 | ---- | M] () -- C:\Program Files\pmset.ini
    [2002/03/08 09:00:22 | 000,000,325 | ---- | M] () -- C:\Program Files\pmsetap.ini
    [2005/08/08 14:20:20 | 000,057,344 | ---- | M] () -- C:\Program Files\PMStatus.dll
    [2006/02/27 16:23:06 | 000,274,516 | ---- | M] (NewSoft Technology Corporation.) -- C:\Program Files\PMToApp.dll
    [2004/12/20 13:19:26 | 000,366,888 | ---- | M] () -- C:\Program Files\PMToApp.ilk
    [2006/08/21 09:57:04 | 000,253,952 | ---- | M] () -- C:\Program Files\PMTree.dll
    [2006/01/12 15:04:24 | 000,397,312 | ---- | M] (NewSoft) -- C:\Program Files\pmtwain.dll
    [2004/01/12 11:45:46 | 000,028,672 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\pmVideo.dll
    [2006/09/18 18:05:00 | 001,171,456 | ---- | M] () -- C:\Program Files\PMView.dll
    [2006/09/14 15:03:14 | 000,285,367 | ---- | M] () -- C:\Program Files\PMVIEW.EX_
    [2006/09/14 15:07:06 | 000,098,304 | ---- | M] () -- C:\Program Files\PMVLink.dll
    [2004/05/28 14:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files\PMVoice.dll
    [2006/09/26 19:14:22 | 000,032,768 | ---- | M] () -- C:\Program Files\PMXpsCreator.dll
    [2006/09/19 11:46:42 | 000,024,576 | ---- | M] () -- C:\Program Files\PMXpsHostView.dll
    [2006/09/19 11:46:42 | 000,040,448 | ---- | M] () -- C:\Program Files\PMXpsView.dll
    [1999/11/01 21:35:46 | 001,094,057 | ---- | M] () -- C:\Program Files\POLISH.LCD
    [1999/11/01 21:35:26 | 000,155,990 | ---- | M] () -- C:\Program Files\POLISH.LMD
    [1999/11/01 21:35:24 | 000,798,902 | ---- | M] () -- C:\Program Files\PORTUG.LCD
    [1999/11/01 21:35:12 | 000,101,600 | ---- | M] () -- C:\Program Files\PORTUG.LMD
    [2005/03/28 17:31:00 | 000,172,032 | ---- | M] () -- C:\Program Files\post.dll
    [2004/04/14 16:47:16 | 000,028,672 | ---- | M] () -- C:\Program Files\PowerTVBA.dll
    [2006/09/26 16:59:32 | 004,022,272 | ---- | M] (NEWSOFT) -- C:\Program Files\Prestopm.exe
    [2006/09/20 17:01:08 | 000,048,866 | ---- | M] () -- C:\Program Files\prestopm.str
    [2005/02/18 17:42:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Prestopm_CN.exe
    [2006/09/14 10:44:18 | 000,049,152 | ---- | M] () -- C:\Program Files\Print.dll
    [2005/04/14 12:02:04 | 000,000,918 | ---- | M] () -- C:\Program Files\Print.str
    [2005/08/08 09:18:06 | 000,303,104 | ---- | M] (NewSoft) -- C:\Program Files\PrintFun.exe
    [2005/07/15 17:04:26 | 000,032,768 | ---- | M] () -- C:\Program Files\PrintFunLnk.dll
    [2003/10/15 15:48:16 | 000,045,056 | ---- | M] () -- C:\Program Files\PrintHook.dll
    [2004/12/20 13:19:54 | 000,024,576 | ---- | M] () -- C:\Program Files\printlnk.dll
    [2006/07/27 14:32:02 | 000,053,248 | ---- | M] () -- C:\Program Files\PrnDrvSetup.dll
    [2006/07/27 16:27:48 | 000,000,702 | ---- | M] () -- C:\Program Files\PrnSetup.ini
    [2002/06/06 15:21:24 | 000,028,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Psapi.dll
    [2004/01/12 12:09:48 | 000,245,760 | ---- | M] (NewSoft) -- C:\Program Files\PSaver.scr
    [2006/09/13 09:17:08 | 000,241,664 | ---- | M] (NewSoft) -- C:\Program Files\PShow.exe
    [1998/01/22 07:13:46 | 000,165,888 | ---- | M] () -- C:\Program Files\PTLIB.dll
    [2003/11/30 18:26:34 | 000,098,304 | ---- | M] () -- C:\Program Files\Qem.dll
    [2006/09/14 15:07:08 | 000,208,896 | ---- | M] () -- C:\Program Files\RapDocImg.dll
    [2004/12/24 15:45:56 | 000,032,768 | ---- | M] () -- C:\Program Files\ReadFileData.dll
    [2005/04/01 14:25:36 | 000,008,970 | ---- | M] () -- C:\Program Files\Readme.txt
    [2003/12/30 14:32:34 | 000,028,672 | ---- | M] () -- C:\Program Files\ReadTxtInfo.dll
    [2005/03/28 17:28:02 | 000,331,776 | ---- | M] () -- C:\Program Files\Recogn.dll
    [1999/11/01 22:26:54 | 001,699,840 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\RECPAGE.DLL
    [2005/01/31 10:51:32 | 000,024,576 | ---- | M] () -- C:\Program Files\regapp.exe
    [2002/04/10 11:18:00 | 000,024,576 | ---- | M] () -- C:\Program Files\RegSession.dll
    [2003/06/27 09:28:58 | 000,003,126 | ---- | M] () -- C:\Program Files\RemoveIcons.ico
    [2004/01/30 10:03:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Restore.dll
    [2003/12/23 16:35:36 | 000,045,056 | ---- | M] (NewSoft ) -- C:\Program Files\RestoreFile.exe
    [1998/07/27 14:03:06 | 000,000,004 | ---- | M] () -- C:\Program Files\RPR371.JRT
    [2005/01/17 18:52:04 | 000,028,672 | ---- | M] () -- C:\Program Files\SaveToJpg.dll
    [1999/11/02 14:14:20 | 001,073,664 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\SCANMAN.DRV
    [2006/09/26 16:58:38 | 000,094,208 | ---- | M] () -- C:\Program Files\ScanModule.dll
    [2006/03/03 11:51:22 | 000,000,331 | ---- | M] () -- C:\Program Files\ScanModule.str
    [1999/11/04 01:28:06 | 000,008,781 | ---- | M] () -- C:\Program Files\SCANNERS.DAT
    [2003/11/30 18:27:14 | 000,036,864 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\ScrBase.dll
    [1998/07/01 08:43:10 | 000,021,180 | ---- | M] () -- C:\Program Files\search.avi
    [2005/03/28 17:28:14 | 000,327,680 | ---- | M] () -- C:\Program Files\Segment.dll
    [2001/09/05 04:05:04 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\shfolder.dll
    [2006/09/26 14:16:04 | 000,868,352 | ---- | M] () -- C:\Program Files\SlideBarDLL.dll
    [2003/05/22 16:12:40 | 000,028,672 | ---- | M] () -- C:\Program Files\sosalnk.dll
    [1999/11/01 21:29:56 | 001,489,272 | ---- | M] () -- C:\Program Files\SPANISH.LCD
    [1999/11/01 21:29:28 | 000,226,690 | ---- | M] () -- C:\Program Files\SPANISH.LMD
    [1999/11/01 21:32:24 | 001,862,662 | ---- | M] () -- C:\Program Files\SWEDISH.LCD
    [1999/11/01 21:31:56 | 000,086,680 | ---- | M] () -- C:\Program Files\SWEDISH.LMD
    [2003/11/30 18:27:22 | 000,053,248 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files\Tcm.dll
    [2003/01/25 05:54:24 | 000,028,672 | ---- | M] () -- C:\Program Files\TestImage2Pdf.dll
    [2001/12/14 18:56:59 | 000,017,408 | -HS- | M] () -- C:\Program Files\Thumbs.db
    [2003/06/27 09:29:08 | 000,008,478 | ---- | M] () -- C:\Program Files\Trash.ico
    [1999/11/01 21:39:06 | 001,388,424 | ---- | M] () -- C:\Program Files\TURKISH.LCD
    [1999/11/01 21:38:44 | 000,241,073 | ---- | M] () -- C:\Program Files\TURKISH.LMD
    [1999/01/15 20:00:54 | 000,326,738 | ---- | M] () -- C:\Program Files\TYPEWRIT.PAT
    [1999/01/15 19:47:34 | 000,227,468 | ---- | M] () -- C:\Program Files\TYPEWRIT.PTS
    [2003/04/14 21:26:12 | 000,172,032 | ---- | M] (newsoftinc) -- C:\Program Files\UciG3432.dll
    [2003/11/30 17:46:46 | 000,151,552 | ---- | M] (newsoftinc) -- C:\Program Files\UciJpg32.dll
    [2002/12/20 01:30:18 | 000,024,576 | ---- | M] () -- C:\Program Files\UFioDll.dll
    [1997/10/30 10:37:46 | 000,060,416 | ---- | M] () -- C:\Program Files\UFSE.DLL
    [1997/12/06 06:23:26 | 000,057,344 | ---- | M] () -- C:\Program Files\umxnts32.dll
    [1999/01/15 17:00:10 | 000,493,316 | ---- | M] () -- C:\Program Files\UNDERLIN.PAT
    [2004/01/12 15:05:00 | 000,020,480 | ---- | M] () -- C:\Program Files\UnInstall.exe
    [1997/12/24 11:49:30 | 000,112,128 | ---- | M] () -- C:\Program Files\UNPACK.DLL
    [2002/12/20 01:37:54 | 000,036,864 | ---- | M] () -- C:\Program Files\unregapp.exe
    [2002/02/18 02:58:32 | 000,098,304 | ---- | M] (Info-ZIP) -- C:\Program Files\unzip32.dll
    [1996/05/10 00:45:54 | 000,046,592 | ---- | M] () -- C:\Program Files\UXFSE.DLL
    [2002/04/25 15:01:38 | 000,000,297 | ---- | M] () -- C:\Program Files\Vcd_NTSC
    [2003/02/19 10:46:12 | 000,000,297 | ---- | M] () -- C:\Program Files\Vcd_PAL
    [2002/12/03 16:45:32 | 000,049,152 | ---- | M] () -- C:\Program Files\VideoData.dll
    [2003/09/19 14:34:30 | 000,024,576 | ---- | M] () -- C:\Program Files\VisioVBA.dll
    [2002/06/06 15:21:24 | 000,110,592 | ---- | M] () -- C:\Program Files\Wait.exe
    [2002/05/10 03:48:50 | 000,000,462 | ---- | M] () -- C:\Program Files\WEBSYNC.INI
    [2005/01/17 09:24:26 | 000,229,376 | ---- | M] (WebStorage Corporation) -- C:\Program Files\WebSyncEx.dll
    [2004/04/14 16:47:20 | 000,036,864 | ---- | M] () -- C:\Program Files\WordVBA.dll
    [2005/09/13 16:10:10 | 000,483,328 | ---- | M] () -- C:\Program Files\WpdfViewer.exe
    [2005/03/04 16:58:20 | 000,004,288 | ---- | M] () -- C:\Program Files\WpdfViewer.tlb
    [2005/07/13 17:58:20 | 000,057,344 | ---- | M] () -- C:\Program Files\WriteData2Pdf.dll
    [2005/06/30 13:55:38 | 000,045,056 | ---- | M] () -- C:\Program Files\WriteDriver2Pdf.dll
    [2006/02/22 10:15:26 | 000,045,056 | ---- | M] () -- C:\Program Files\WriteIfo2Pdf.dll
    [2003/09/19 14:32:20 | 000,040,960 | ---- | M] () -- C:\Program Files\WriteOcr2Pdf.dll
    [2003/11/18 10:43:20 | 000,024,576 | ---- | M] () -- C:\Program Files\WriteTxt2Pdf.dll
    [2011/12/03 15:08:29 | 000,002,336 | ---- | M] () -- C:\Program Files\xpdfrc
    [2006/09/26 19:05:52 | 000,031,744 | ---- | M] () -- C:\Program Files\XpsCreator.dll
    [1999/12/21 18:33:28 | 000,135,168 | ---- | M] (Info-ZIP) -- C:\Program Files\zip32.dll

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2001/12/14 04:30:12 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2001/12/14 04:30:12 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2001/12/14 04:30:12 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2001/12/14 12:38:47 | 000,000,214 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2001/12/19 17:29:37 | 000,001,670 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\winbom.log

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2001/12/14 12:45:26 | 000,000,160 | -HS- | M] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2001/12/14 12:45:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/04 12:06:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user account\Desktop\OTL.exe
    [2011/12/01 19:50:06 | 014,468,144 | ---- | M] (Verizon ) -- C:\Documents and Settings\user account\Desktop\VZ_Activation.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2001/12/14 12:45:25 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\user account\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/04 12:19:03 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\user account\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2001/08/18 04:00:00 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2001/08/01 22:08:36 | 000,047,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2001/08/01 21:58:12 | 000,147,487 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2001/08/02 07:14:34 | 001,077,277 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2001/08/18 04:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2001/08/18 04:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2001/08/18 04:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
    dispatch trophy,
    #15
  17. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    Extras.txt

    EXTRAS.TXT

    OTL Extras logfile created on: 12/4/2011 12:12:25 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user account\Desktop
    Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2600.0000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.53 Mb Total Physical Memory | 156.48 Mb Available Physical Memory | 30.59% Memory free
    1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.75% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 28.00 Gb Total Space | 22.30 Gb Free Space | 79.66% Space Free | Partition Type: NTFS
    Drive D: | 48.33 Gb Total Space | 47.93 Gb Free Space | 99.17% Space Free | Partition Type: NTFS

    Computer Name: VALUED-7B9600FA | User Name: user account | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00609F70-5043-4C20-895A-D6EF7ACE9304}" = PicoPlayerSplashScreen
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper
    "{2FAF5A9F-7EDE-4F1A-B082-C95A9F420630}" = Media Bar 3.2.12
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.2
    "{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
    "{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
    "{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture
    "{5C70C75F-A265-4C62-B90F-8F80AA69F262}" = PicoPlayer Demo
    "{5FF58521-5E44-11D4-A433-00105A8547C6}" = PictureGear 5.1
    "{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
    "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
    "{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
    "{72275927-4241-46A7-A9C4-B86C6B256EB6}" = ImageStation Demo
    "{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
    "{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper
    "{8139011A-4039-46C7-8614-A3F8948121AD}" = PicoPlayer
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{A228A09C-4826-42E0-A3D8-95B2BAAB5049}" = OpenMG Secure Module 3.0.01
    "{ACEC9C3E-0100-4EBE-B298-35A2145828A0}" = VAIO Brezza Wallpaper
    "{AD3B1DDF-52AD-405E-B931-7ACF76937E5F}" = ImageStation
    "{B5B0ABC0-3177-11D3-AC45-0000F879D920}" = VisualFlow 2.1
    "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
    "{CBE331E3-CB6B-46a3-A669-2C6DABBA2601}" = TheWorld Browser 2.4 Final (2.4.1.2)
    "{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
    "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
    "{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
    "{E2069DE3-5924-4766-A385-CDA273885A31}" = DigitalPrint 1.1
    "{E52F43B3-1638-4624-9ACF-B130130AA13E}" = Experience VAIO
    "{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.1.00
    "{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}" = SonicStage CD-R Writing Module
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "Canon CanoScan LiDE 600F User Registration" = Canon CanoScan LiDE 600F User Registration
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "DVD Express A/V Pak" = DVDExpress
    "hp instant support" = hp instant support
    "hp officejet v series 1322697509" = hp officejet v series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Motion JPEG Software Decoder" = Motion JPEG Software Decoder
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "PhotoPrinter 2000 Pro" = PhotoPrinter 2000 Pro
    "Q307271" = Windows XP Hotfix (SP1) [See Q307271 for more information]
    "Q308677" = Windows XP Hotfix (SP1) [See Q308677 for more information]
    "Q311889" = Windows XP Hotfix (SP1) [See Q311889 for more information]
    "Q312368" = Windows XP Hotfix (SP1) [See Q312368 for more information]
    "Quicken 2002 New User Edition" = Quicken 2002 New User Edition
    "QuickTime" = QuickTime
    "RealJukebox 1.0" = RealJukebox
    "RealPlayer 6.0" = RealPlayer Basic
    "Sony on Yahoo! Essentials" = Sony on Yahoo! Essentials
    "VAIO Support" = VAIO Support
    "verizontb" = Verizon Toolbar
    "Works2003Setup" = Microsoft Works 2003 Setup Launcher

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/3/2011 8:06:24 PM | Computer Name = VALUED-7B9600FA | Source = Application Hang | ID = 1001
    Description = Fault bucket 272782724.

    Error - 12/3/2011 11:13:10 PM | Computer Name = VALUED-7B9600FA | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 12/3/2011 11:13:10 PM | Computer Name = VALUED-7B9600FA | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 12/4/2011 2:02:56 AM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: 0x2eff

    Error - 12/4/2011 2:02:56 AM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: 0x8ca

    Error - 12/4/2011 2:02:56 AM | Computer Name = VALUED-7B9600FA | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: 0x8ca

    Error - 12/4/2011 6:22:16 AM | Computer Name = VALUED-7B9600FA | Source = Application Error | ID = 1000
    Description = Faulting application hposts07.exe, version 1.0.0.0, faulting module
    hpodvi07.dll, version 2.0.0.0, fault address 0x00022a79.

    Error - 12/4/2011 6:22:55 AM | Computer Name = VALUED-7B9600FA | Source = Application Error | ID = 1001
    Description = Fault bucket 12265003.

    Error - 12/4/2011 3:35:10 PM | Computer Name = VALUED-7B9600FA | Source = Application Error | ID = 1000
    Description = Faulting application hposts07.exe, version 1.0.0.0, faulting module
    hpodvi07.dll, version 2.0.0.0, fault address 0x00022a79.

    Error - 12/4/2011 3:35:14 PM | Computer Name = VALUED-7B9600FA | Source = Application Error | ID = 1001
    Description = Fault bucket 12265003.

    [ System Events ]
    Error - 12/4/2011 3:23:35 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7000
    Description = The Terminal Services service failed to start due to the following
    error: %%1053

    Error - 12/4/2011 3:23:36 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Terminal Services service
    to connect.

    Error - 12/4/2011 3:23:36 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7000
    Description = The Terminal Services service failed to start due to the following
    error: %%1053

    Error - 12/4/2011 3:23:36 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7001
    Description = The Fast User Switching Compatibility service depends on the Terminal
    Services service which failed to start because of the following error: %%1053

    Error - 12/4/2011 3:35:58 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7000
    Description = The wscsvc service failed to start due to the following error: %%1083

    Error - 12/4/2011 3:36:08 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Terminal Services service
    to connect.

    Error - 12/4/2011 3:36:08 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7000
    Description = The Terminal Services service failed to start due to the following
    error: %%1053

    Error - 12/4/2011 3:36:09 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Terminal Services service
    to connect.

    Error - 12/4/2011 3:36:09 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7000
    Description = The Terminal Services service failed to start due to the following
    error: %%1053

    Error - 12/4/2011 3:36:09 PM | Computer Name = VALUED-7B9600FA | Source = Service Control Manager | ID = 7001
    Description = The Fast User Switching Compatibility service depends on the Terminal
    Services service which failed to start because of the following error: %%1053


    < End of report >
     
    dispatch trophy,
    #16
  18. 2011/12/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't answer my question:
     
    broni,
    #17
  19. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    I note a lot of "errors" and "fail" notices in the extras results.
     
    dispatch trophy,
    #18
  20. 2011/12/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't worry about logs. That's up to me to review them.
    All I need to know is if you're having any issues right now.
     
    broni,
    #19
  21. 2011/12/04
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    Yes, the internet activity is still too slow. Pages often hang. The scroll bar often freezes.

    I still cannot download Chrome or Microsoft service packs. Some sites take much longer than others.

    I just uninstalled World browser because, when I would copy and paste one URL into the search box, it would revert to an aborted URL I tried 3 days ago.

    Although my dsl at 100 kbps is not the fastest, I believe it was faster before.
     
    dispatch trophy,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...