WiredWX Christian Hobby Weather Tools

how to remove y.exe?

I have some kind of virus on a couple of computers. It appears as a file y.exe in the C:\Program Files\Internet Explorer folder and as y.exe in the processes tab of the Task Manager.

On this computer it plays an annoying song on startup and interferes with the sound on the computer. On the other computer it appears to interfere with the Terminal Server connection and the operation of some other software. You can "End process" in the Task Manager, which seems to stop the problems, and then delete the file, but it re-creates at the next startup.

The OTL scan gives the attached.

Any help gratefully received.
Thanks.

Re: how to remove y.exe?

Sorry - OTL log: Part 1


OTL logfile created on: 17/08/2010 2:56:28 a.m. - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\John\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 200.78 Gb Free Space | 67.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.65 Gb Total Space | 420.51 Gb Free Space | 90.31% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNHOME
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/17 02:54:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\My Documents\Downloads\OTL.com
PRC - [2010/07/31 12:18:11 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/11 09:26:04 | 000,106,496 | ---- | M] () -- c:\Program Files\HIMSA\Noah Database Tools\NOAHDatabaseSchedulerService.exe
PRC - [2009/12/11 09:25:12 | 000,065,536 | ---- | M] (Himsa A/S) -- C:\Program Files\HIMSA\Noah Database Tools\NoahDatabaseTrayMenu.exe
PRC - [2009/12/11 09:00:12 | 000,020,480 | ---- | M] (HIMSA A/S) -- C:\Program Files\HIMSA\NOAH System\ExecutableFiles\NSAFiles\DBServerHostSvc.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/11 14:31:14 | 040,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HIMSA\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/08 17:24:40 | 000,622,592 | ---- | M] (TASCAM) -- C:\WINDOWS\system32\FireOnecp.exe
PRC - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 20:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/12/19 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/12/19 11:27:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 11:27:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2010/08/17 02:54:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\My Documents\Downloads\OTL.com
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/11 09:26:04 | 000,106,496 | ---- | M] () [Auto | Running] -- c:\Program Files\HIMSA\Noah Database Tools\NOAHDatabaseSchedulerService.exe -- (NOAHDatabaseSchedulerService)
SRV - [2009/12/11 09:00:12 | 000,020,480 | ---- | M] (HIMSA A/S) [Auto | Running] -- C:\Program Files\HIMSA\NOAH System\ExecutableFiles\NSAFiles\DBServerHostSvc.exe -- (NOAHDatabaseServerHost)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/16 00:08:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/11 14:31:14 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HIMSA\MSSQL\Binn\sqlservr.exe -- (MSSQL$HIMSA) SQL Server (HIMSA)
SRV - [2008/08/11 14:31:14 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HIMSA\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$HIMSA) SQL Server Agent (HIMSA)
SRV - [2008/08/11 14:31:12 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/10 02:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/04/03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/11/18 10:42:52 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
DRV - [2007/03/08 17:24:40 | 000,102,272 | ---- | M] (CEntrance, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FireOne.sys -- (TascamFireOneSrv) Tascam FireOne Audio Driver (WDM)
DRV - [2007/02/22 20:50:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2003/08/07 16:42:30 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.nz"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/08 18:51:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/08 18:51:48 | 000,000,000 | ---D | M]

[2009/04/04 01:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/08/08 16:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\938dtqq5.default\extensions
[2010/06/14 21:51:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\938dtqq5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/14 20:40:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\938dtqq5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/14 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\938dtqq5.default\extensions\foxyproxy@eric.h.jung
[2010/08/08 16:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 22:53:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/18 13:16:18 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/06/18 13:36:06 | 000,108,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/08/08 18:51:44 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/08 18:51:44 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/08 18:51:44 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/08 18:51:44 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/15 11:25:17 | 000,162,910 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 Norton.com
O1 - Hosts: 127.0.0.1 help.norton.com
O1 - Hosts: 127.0.0.1 mail.norton.com
O1 - Hosts: 127.0.0.1 mail.norton.com
O1 - Hosts: 127.0.0.1 mx-buy1.norton.com
O1 - Hosts: 127.0.0.1 mx-buy2.norton.com
O1 - Hosts: 127.0.0.1 tus1smtinbpex01.symantec.com
O1 - Hosts: 127.0.0.1 excu-mxib-2.symantec.com
O1 - Hosts: 127.0.0.1 excu-mxib-1.symantec.com
O1 - Hosts: 127.0.0.1 tus1smtinbpex02.symantec.com
O1 - Hosts: 127.0.0.1 mail.panda-antivirus.no
O1 - Hosts: 127.0.0.1 panda-antivirus.no
O1 - Hosts: 127.0.0.1 pctools.com
O1 - Hosts: 127.0.0.1 forum.pctools.com
O1 - Hosts: 127.0.0.1 mail.pctools.com
O1 - Hosts: 127.0.0.1 free.avg.com
O1 - Hosts: 127.0.0.1 blog.avg.com
O1 - Hosts: 127.0.0.1 blogs.avg.com
O1 - Hosts: 127.0.0.1 gtm-nyc.avg.com
O1 - Hosts: 127.0.0.1 gtm-self.avg.com
O1 - Hosts: 127.0.0.1 avg.com
O1 - Hosts: 127.0.0.1 avast.com
O1 - Hosts: 127.0.0.1 blog.avast.com
O1 - Hosts: 127.0.0.1 forum.avast.com
O1 - Hosts: 3714 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
O4 - HKLM..\Run: [NOAHDatabaseTrayMenu] c:\Program Files\HIMSA\Noah Database Tools\NoahDatabaseTrayMenu.exe (Himsa A/S)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartFireOneApplet] C:\WINDOWS\System32\FireOnecp.exe (TASCAM)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261548033734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261548023593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/John/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/03 23:17:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5faac7e4-889a-11de-912e-001d60a6ee1f}\Shell - "" = AutoRun
O33 - MountPoints2\{5faac7e4-889a-11de-912e-001d60a6ee1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{953b85ec-ceb3-11de-913b-001d60a6ee1f}\Shell - "" = AutoRun
O33 - MountPoints2\{953b85ec-ceb3-11de-913b-001d60a6ee1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{953b85ec-ceb3-11de-913b-001d60a6ee1f}\Shell\open\command - "" = F:\usb.exe -- File not found
O33 - MountPoints2\{ee2d45bc-2046-11de-9105-a30e1dc0f24e}\Shell - "" = AutoRun
O33 - MountPoints2\{ee2d45bc-2046-11de-9105-a30e1dc0f24e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee2d45bc-2046-11de-9105-a30e1dc0f24e}\Shell\open\command - "" = usb.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0362B4A8-7BB1-4A3D-DDEF-CD0D8AD9400F} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {626D1081-3E8B-9EF0-925C-AD83A0D804E6} - Microsoft VM
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C409BDE0-DF6C-6C62-C924-D6A23F198CA0} - Microsoft Windows Media Player 6.4
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/17 02:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/08/17 02:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/08/17 00:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CustAppMgrDemo
[2010/08/17 00:46:42 | 006,587,920 | ---- | C] (Steema Software SL) -- C:\WINDOWS\System32\TeeChart8.ocx
[2010/08/17 00:46:40 | 000,135,168 | ---- | C] (Tri-Sector) -- C:\WINDOWS\System32\VLVCtl5.ocx
[2010/08/17 00:46:40 | 000,053,248 | ---- | C] (Kenneth Ives kenaso@home.com) -- C:\WINDOWS\System32\CryptKci.dll
[2010/08/17 00:46:38 | 000,589,824 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctGrid.ocx
[2010/08/17 00:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Customer Appointment Manager Demo
[2010/08/17 00:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Customer Appointment Manager Pro
[2010/08/15 01:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/08/15 01:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/08/15 00:43:26 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$HIMSA-sqlctr10.0.1600.22.dll
[2010/08/15 00:42:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2010/08/15 00:17:24 | 000,147,456 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\System32\p2smon.dll
[2010/08/15 00:17:24 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2010/08/15 00:17:23 | 005,337,088 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\crpe32.dll
[2010/08/15 00:17:22 | 000,525,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DBGRID32.OCX
[2010/08/15 00:17:22 | 000,229,888 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll
[2010/08/15 00:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\crystal
[2010/08/15 00:15:47 | 000,059,904 | ---- | C] (Concept Software, Inc.) -- C:\WINDOWS\System32\KEYLIB32.dll
[2010/08/14 23:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\CAM Fix
[2010/08/14 18:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Any Video Converter
[2010/08/14 18:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\AnvSoft
[2010/08/14 18:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/08/13 18:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/08/13 18:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/13 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 20:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\NOAH_System_37
[2010/08/08 13:04:31 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\John\Desktop\WinsockFix.exe
[2010/08/07 20:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Databases for merging 7 8 10
[2010/08/07 11:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Back Up Files 7 8 10
[2010/08/06 20:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\HADiary 6 8 10
[2010/08/04 20:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\HA Schedule 6 8 10
[2010/08/04 00:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Starkey Laboratories
[2010/08/03 23:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Starkey
[2010/08/03 23:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Starkey
[2010/08/03 23:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Starkey Laboratories
[2010/08/03 23:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Inspire Updater
[2010/08/03 23:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Starkey Laboratories
[2010/08/03 22:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
[2010/08/03 21:59:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Silabs
[2010/08/03 21:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Sonic Innovations
[2010/08/03 21:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic innovations
[2010/08/03 21:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\TurnTool
[2010/08/03 21:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Widex
[2010/08/03 21:55:11 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\vclx70.bpl
[2010/08/03 21:55:10 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\vcl70.bpl
[2010/08/03 21:55:10 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\rtl70.bpl
[2010/08/03 21:55:10 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2010/08/03 21:55:10 | 000,022,528 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\borlndmm.dll
[2010/08/03 21:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Widex
[2010/08/03 21:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Widex Shared
[2010/08/03 21:45:58 | 001,093,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc80u.dll
[2010/08/03 21:45:58 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71d.dll
[2010/08/03 21:45:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcm80.dll
[2010/08/03 21:45:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80DEU.dll
[2010/08/03 21:45:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2010/08/03 21:45:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80ITA.dll
[2010/08/03 21:45:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80FRA.dll
[2010/08/03 21:45:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80ESP.dll
[2010/08/03 21:45:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2010/08/03 21:45:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71FRA.DLL
[2010/08/03 21:45:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcm80u.dll
[2010/08/03 21:45:58 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80ENU.dll
[2010/08/03 21:45:58 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2010/08/03 21:45:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80KOR.dll
[2010/08/03 21:45:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80JPN.dll
[2010/08/03 21:45:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2010/08/03 21:45:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2010/08/03 21:45:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80CHT.dll
[2010/08/03 21:45:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2010/08/03 21:45:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC80CHS.dll
[2010/08/03 21:45:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2010/08/03 21:45:44 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010/08/03 21:45:44 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010/08/03 21:45:44 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2010/08/03 21:45:43 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc80.dll
[2010/08/03 21:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonova
[2010/08/03 21:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Unitron Hearing
[2010/08/03 21:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Unitron Hearing
[2010/08/02 01:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Graces Ball
[2010/07/31 03:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Hauppauge Drivers
[2010/07/27 11:07:05 | 000,092,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SQSRVRES.DLL
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\John\Desktop\*.tmp files -> C:\Documents and Settings\John\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

Re: how to remove y.exe?

OTL Log Part 2:


========== Files - Modified Within 30 Days ==========

[2010/08/17 02:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/17 02:27:55 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/08/17 02:27:53 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/08/17 02:27:48 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/08/17 02:23:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/17 02:14:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1637723038-725345543-1003UA.job
[2010/08/17 02:08:05 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 01:37:39 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/17 01:37:28 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/17 01:37:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/17 01:37:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 01:37:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 01:37:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 00:46:44 | 000,001,326 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Buy Customer Appointment Manager Pro.lnk
[2010/08/17 00:46:43 | 000,001,087 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Customer Appointment Manager Pro Demo.lnk
[2010/08/16 13:49:02 | 025,215,872 | ---- | M] () -- C:\Documents and Settings\John\Desktop\campro4Demo.exe
[2010/08/16 09:14:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1637723038-725345543-1003Core.job
[2010/08/16 00:38:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/15 23:37:02 | 000,063,796 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/15 11:54:22 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\John\NTUSER.DAT
[2010/08/15 11:25:06 | 001,440,256 | ---- | M] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe
[2010/08/15 01:20:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/08/15 00:43:26 | 000,607,568 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/15 00:43:26 | 000,569,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/15 00:43:26 | 000,113,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/15 00:23:11 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NOAH System.lnk
[2010/08/14 21:35:36 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Deleting problems 14 08 10.doc
[2010/08/14 19:47:57 | 000,000,583 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2010/08/14 18:19:55 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Any Video Converter.lnk
[2010/08/13 18:20:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/13 18:20:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/11 14:14:31 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Google Chrome.lnk
[2010/08/11 14:14:31 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/11 00:23:05 | 000,779,264 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Install Noah.doc
[2010/08/10 23:29:18 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\John\Desktop\NOAH download and Database back up instructions.doc
[2010/08/10 22:40:45 | 000,393,805 | ---- | M] () -- C:\Documents and Settings\John\Desktop\NOAH 7+ User License.exe
[2010/08/10 09:56:45 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Terminal Server.RDP
[2010/08/09 20:08:55 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\John\Desktop\VPN - REMOTE DESKTOP for Hugh.doc
[2010/08/08 13:05:22 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\John\Desktop\WinsockFix.exe
[2010/08/08 11:42:58 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Diary Log Ins.xls
[2010/08/08 02:45:27 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Software Review 8 8 10.doc
[2010/08/07 22:58:39 | 000,452,608 | ---- | M] () -- C:\Documents and Settings\John\Desktop\References found 1.xls
[2010/08/07 22:24:54 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Searching database 7 8 10.doc
[2010/08/07 20:43:00 | 308,173,098 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Databases for merging 7 8 10.zip
[2010/08/07 20:33:11 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Hearing Aid Lists for Diary Software 04 08 10.xls
[2010/08/07 20:32:38 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HA Diary Review 6 8 10.doc
[2010/08/07 10:34:40 | 308,274,120 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Back Up Files 7 8 10.zip
[2010/08/07 10:01:42 | 003,266,835 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Everybodies gotta learn sometime.mp3
[2010/08/06 16:20:18 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Diary Log Ins.doc
[2010/08/05 19:28:03 | 002,170,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/05 00:05:26 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Diary Review 1 8 10.doc
[2010/08/04 23:31:46 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Software Review 4 8 10.doc
[2010/08/04 19:28:32 | 233,082,368 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HA_Schedule_CP.bak
[2010/08/03 23:39:35 | 000,087,088 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/03 23:39:11 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/03 23:39:11 | 000,000,636 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/03 23:20:18 | 000,000,083 | ---- | M] () -- C:\WINDOWS\AURICAL.INI
[2010/08/03 22:33:01 | 000,000,111 | ---- | M] () -- C:\WINDOWS\MESWBOX.INI
[2010/08/03 22:32:57 | 000,000,127 | ---- | M] () -- C:\WINDOWS\HIPRO.INI
[2010/08/02 00:30:32 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\John\Desktop\24 07 10 review of - HA Diary Software Review 29 06 10.doc
[2010/07/25 23:42:25 | 012,855,296 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ENT Meeting 27 July 2010.doc
[2010/07/25 23:41:17 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ACC Hearing Aid Price List - changes.xls
[2010/07/24 21:32:03 | 005,660,920 | ---- | M] () -- C:\Documents and Settings\John\Desktop\LastCall (1).mp3
[2010/07/24 03:11:22 | 004,339,255 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Amanda - Oasis.mp3
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\John\Desktop\*.tmp files -> C:\Documents and Settings\John\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/17 02:27:53 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/08/17 02:27:51 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/08/17 02:27:48 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/08/17 00:46:44 | 000,001,326 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Buy Customer Appointment Manager Pro.lnk
[2010/08/17 00:46:43 | 000,001,087 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Customer Appointment Manager Pro Demo.lnk
[2010/08/17 00:44:18 | 025,215,872 | ---- | C] () -- C:\Documents and Settings\John\Desktop\campro4Demo.exe
[2010/08/15 11:25:17 | 001,440,256 | ---- | C] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe
[2010/08/15 00:23:11 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NOAH System.lnk
[2010/08/15 00:20:29 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\NoahAUDPrintHelper.dll
[2010/08/15 00:15:39 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\LaPack64.dll
[2010/08/14 21:35:35 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Deleting problems 14 08 10.doc
[2010/08/14 18:19:55 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Any Video Converter.lnk
[2010/08/13 18:20:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/13 18:20:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/13 18:19:23 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/10 23:29:18 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\John\Desktop\NOAH download and Database back up instructions.doc
[2010/08/10 22:59:11 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2010/08/10 22:40:44 | 000,393,805 | ---- | C] () -- C:\Documents and Settings\John\Desktop\NOAH 7+ User License.exe
[2010/08/10 21:12:45 | 000,779,264 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Install Noah.doc
[2010/08/09 20:07:12 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\John\Desktop\VPN - REMOTE DESKTOP for Hugh.doc
[2010/08/08 02:42:43 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Software Review 8 8 10.doc
[2010/08/07 22:24:54 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Searching database 7 8 10.doc
[2010/08/07 20:42:15 | 308,173,098 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Databases for merging 7 8 10.zip
[2010/08/07 11:32:23 | 308,274,120 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Back Up Files 7 8 10.zip
[2010/08/07 10:01:40 | 003,266,835 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Everybodies gotta learn sometime.mp3
[2010/08/06 20:41:53 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HA Diary Review 6 8 10.doc
[2010/08/06 16:21:13 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Diary Log Ins.xls
[2010/08/06 16:20:17 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Diary Log Ins.doc
[2010/08/04 20:34:28 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Software Review 4 8 10.doc
[2010/08/04 20:10:19 | 233,082,368 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HA_Schedule_CP.bak
[2010/08/04 00:56:59 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Hearing Aid Lists for Diary Software 04 08 10.xls
[2010/08/03 23:20:18 | 000,000,083 | ---- | C] () -- C:\WINDOWS\AURICAL.INI
[2010/08/03 22:32:57 | 000,000,127 | ---- | C] () -- C:\WINDOWS\HIPRO.INI
[2010/08/03 22:02:00 | 000,000,111 | ---- | C] () -- C:\WINDOWS\MESWBOX.INI
[2010/08/03 21:45:44 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.MFC.manifest
[2010/08/03 21:45:44 | 000,001,869 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010/08/03 21:45:44 | 000,001,238 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.MFCLOC.manifest
[2010/08/02 00:04:15 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Diary Review 1 8 10.doc
[2010/07/25 23:41:33 | 012,855,296 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ENT Meeting 27 July 2010.doc
[2010/07/24 14:43:52 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ACC Hearing Aid Price List - changes.xls
[2010/07/24 14:32:39 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\John\Desktop\24 07 10 review of - HA Diary Software Review 29 06 10.doc
[2010/07/24 03:10:13 | 005,660,920 | ---- | C] () -- C:\Documents and Settings\John\Desktop\LastCall (1).mp3
[2010/07/14 17:09:13 | 000,205,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/21 12:04:47 | 000,000,032 | ---- | C] () -- C:\Program Files\HA_Schedule.txt
[2010/01/28 16:50:51 | 000,139,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/27 15:10:09 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PnkBstrK.sys
[2010/01/25 21:10:40 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
[2010/01/13 22:11:43 | 194,787,559 | ---- | C] () -- C:\Program Files\noah.zip
[2010/01/13 22:10:12 | 1031,162,368 | ---- | C] () -- C:\Program Files\noah.bak
[2009/12/13 23:57:42 | 000,033,429 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft Excel.ADR
[2009/08/16 10:27:59 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/08/16 10:27:59 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/08/16 10:27:59 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/08/16 10:27:59 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/08/16 10:27:59 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/08/16 10:27:59 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009/05/18 22:01:29 | 000,000,224 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2009/05/08 18:48:57 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2009/05/03 09:18:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/03 09:18:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/05/03 09:18:33 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/03 09:18:33 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/03 09:18:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/03 09:18:31 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/03 09:18:31 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/04 15:55:31 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/04 00:32:47 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/04 00:21:08 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/04/04 00:12:42 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\FOneAsio.dll
[2009/01/16 13:45:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2003/08/07 16:42:30 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/04 11:05:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/04 11:05:02 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/04 11:05:02 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/08/30 00:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/08/30 00:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/08/30 00:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/08/30 00:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/08/30 00:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/08/30 00:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/08/30 00:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/08/30 00:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/08/30 00:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/08/30 00:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 22:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 22:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 22:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 22:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 22:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 00:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 17:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 05:41:50 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 05:41:50 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 05:41:50 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 05:41:50 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 05:41:50 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 05:41:50 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 05:41:50 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 05:41:52 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 05:41:52 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 05:41:52 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 05:41:52 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 05:41:52 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 05:41:52 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 05:42:06 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 05:42:10 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/04/03 23:17:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/03 23:36:43 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/06/11 17:47:43 | 000,027,292 | ---- | M] () -- C:\CAMInstall.log
[2009/04/03 23:17:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/15 00:19:47 | 000,045,132 | ---- | M] () -- C:\DWFConf.HIMSA.Log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Re: how to remove y.exe?

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()
    O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe ()
    O33 - MountPoints2\{5faac7e4-889a-11de-912e-001d60a6ee1f}\Shell - "" = AutoRun
    O33 - MountPoints2\{953b85ec-ceb3-11de-913b-001d60a6ee1f}\Shell - "" = AutoRun
    O33 - MountPoints2\{ee2d45bc-2046-11de-9105-a30e1dc0f24e}\Shell - "" = AutoRun
    [2010/08/15 11:25:06 | 001,440,256 | ---- | M] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
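
An added triage sketch (not part of this thread and not OTL's own logic) showing why the two O4 autorun entries in the fix script above stand out in a log. The three heuristics, the `triage_o4` and `flagged` names, and the two "Example" lines are assumptions made for illustration.

```python
import ntpath
import re

# OTL "O4" autorun line: location, optional [value name], path, (company name).
O4_RE = re.compile(
    r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?"
    r"(?P<path>.+) \((?P<vendor>[^()]*)\)$"
)

# Core Windows binaries that belong in %SystemRoot%\system32.
SYSTEM32_NAMES = {"services.exe", "svchost.exe", "lsass.exe",
                  "csrss.exe", "winlogon.exe", "smss.exe"}


def triage_o4(line, system_root=r"C:\WINDOWS"):
    """Return (path, reasons) for one O4 line, or None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    folder = ntpath.normcase(ntpath.dirname(path))
    reasons = []
    # Heuristic 1 (assumption): empty parentheses mean no company name was read.
    if not m.group("vendor").strip():
        reasons.append("no company name in file version info")
    # Heuristic 2: a system binary name used from any other folder.
    expected = ntpath.normcase(ntpath.join(system_root, "system32"))
    if ntpath.basename(path).lower() in SYSTEM32_NAMES and folder != expected:
        reasons.append("system binary name outside system32")
    # Heuristic 3: an .exe sitting in a Startup folder rather than a shortcut.
    if folder.endswith(r"\start menu\programs\startup") and path.lower().endswith(".exe"):
        reasons.append("executable placed directly in Startup folder")
    return path, reasons


def flagged(lines, min_reasons=2):
    """Paths whose O4 entry trips at least min_reasons heuristics."""
    hits = []
    for line in lines:
        result = triage_o4(line)
        if result and len(result[1]) >= min_reasons:
            hits.append(result[0])
    return hits


SAMPLE = [
    # The two autorun entries from the fix script in this thread.
    r"O4 - HKCU..\Run: [Microsoft Updat] C:\Program Files\Internet Explorer\services.exe ()",
    r"O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe ()",
    # Constructed entries for contrast (not from the posted log).
    r"O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)",
    r"O4 - HKLM..\Run: [ExampleTool] C:\Program Files\Example\tool.exe ()",
]

if __name__ == "__main__":
    for line in SAMPLE:
        path, reasons = triage_o4(line)
        print(path, "->", "; ".join(reasons) or "nothing flagged")
```

A single heuristic on its own (the last constructed line) is common for legitimate small tools, which is why `flagged` asks for two before reporting a path.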

Re: how to remove y.exe?

Fixed!!!!!

Hi Belahzur,

I am humbled by your brilliance.

Donation made!

I have a couple of other computers with the same problem - should I run the same fix editing the line:

C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe

to replace "John" with folder name appropriate for the computer - or should I post in a log for each one (or is posting several logs for the same problem too much of an imposition?)

Either way - many thanks again for your help!

Re: how to remove y.exe?

Please find fix log as requested:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Updat deleted successfully.
C:\Program Files\Internet Explorer\services.exe moved successfully.
C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5faac7e4-889a-11de-912e-001d60a6ee1f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5faac7e4-889a-11de-912e-001d60a6ee1f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{953b85ec-ceb3-11de-913b-001d60a6ee1f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{953b85ec-ceb3-11de-913b-001d60a6ee1f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee2d45bc-2046-11de-9105-a30e1dc0f24e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee2d45bc-2046-11de-9105-a30e1dc0f24e}\ not found.
File C:\Documents and Settings\John\Start Menu\Programs\Startup\Microsoft.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: John
->Temp folder emptied: 852422116 bytes
->Temporary Internet Files folder emptied: 679755651 bytes
->Java cache emptied: 26928626 bytes
->FireFox cache emptied: 88522541 bytes
->Google Chrome cache emptied: 21284705 bytes
->Flash cache emptied: 610892 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 621334 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 148456942 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,736.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.10.0 log created on 08182010_012136

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP00000013BE43BE53DA73DB46 not found!

Registry entries deleted on Reboot...
Big Grin

Re: how to remove y.exe?

Hello.
We work on a 1 machine per topic basis, this topic for this machine, then once we're done, open a NEW topic for another machine.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.