TechSpot

System check after credit card fraud

By Rwolf01
Oct 23, 2011
  1. I recently made a donation for a walk-a-thon charity event that required me to type in my credit card # at their website. Within 2 days I got a string of bogus charges totalling hundreds of dollars. (Some of which were to other apparently legitimate medical charities.) Fortunately the VISA fraud squad spotted it and called me.

    I contacted the charity and the person who sent me the donation request and they are both legitimate. (They said all the right things: denying knowing of any other victims, promising to look into it, etc.)

    Just to be safe, I also want to check if my system has any sort of spyware that could have captured the credit card information as I typed it in.

    I ran a full TrendMicro OfficeScan with the latest virus pattern files and it didn't find anything. I also ran scans with MalwareBytes, Adaware, GMER and DDS.
    (log attached, but I noticed nothing odd)

    Can you think of anything else I should do to check the system?

    Thanks, in advance, for your thoughtful advice!

    - Rwolf
    ============================
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8002

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/23/2011 12:41:20 AM
    mbam-log-2011-10-23 (00-41-20).txt

    Scan type: Quick scan
    Objects scanned: 207498
    Time elapsed: 11 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ==============================
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-23 01:56:25
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 OCZ-VERT rev.2.11
    Running: 0qfffwno(GMER).exe; Driver: C:\DOCUME~1\rwolf\LOCALS~1\Temp\kwrdrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0x9159B87E]
    SSDT 8765B060 ZwCreateMutant
    SSDT 876593C0 ZwCreateProcess
    SSDT 87659680 ZwCreateProcessEx
    SSDT 8765AD20 ZwCreateThread
    SSDT 8765A440 ZwDeleteKey
    SSDT 8765A700 ZwDeleteValueKey
    SSDT 8765AEC0 ZwLoadDriver
    SSDT 87659940 ZwOpenProcess
    SSDT 8765B200 ZwSetSystemInformation
    SSDT \SystemRoot\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0x9159BBFE]
    SSDT 87659C00 ZwTerminateProcess
    SSDT 8765AB80 ZwWriteVirtualMemory

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1856] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00F52BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
    IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1856] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00F52CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
    IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1856] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00F52CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5276] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File D:\orion\UI\CALIB\Debug\ALIGNMENT.obj 61502 bytes
    File D:\orion\UI\CALIB\Debug\ALIGNMENT.sbr 1190365 bytes
    File D:\orion\UI\CALIB\Debug\ALIGNMENTRECIPEDLG.obj 43926 bytes
    File D:\orion\UI\CALIB\Debug\ALIGNMENTRECIPEDLG.sbr 1162576 bytes
    File D:\orion\UI\CALIB\Debug\ANALOGCALIBRATION.obj 58923 bytes

    << snip: numerous files deleted to meet 50k char limit.>>

    File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.cpp 0 bytes
    File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.def 0 bytes
    File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.dsp 0 bytes
    File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.dsw 0 bytes
    File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.h 0 bytes
    File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.plg 0 bytes

    ---- EOF - GMER 1.0.15 ----
    ======================================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by rwolf at 17:48:19 on 2011-10-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2426 [GMT -7:00]
    .
    AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {9618DB9B-667E-4F02-9A27-C9ECD7BA6961}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IDT\WDM\stacsv.exe
    svchost.exe
    C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
    C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\nuggets(migrate-to-D-drive)\PureText\PureText.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFEA.EXE
    C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
    C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.EXE
    C:\Program Files\Common Files\Sonic Shared\CineTray.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\dynamiclinkmanager.exe
    C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\Adobe QT32 Server.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IEBrowserHelperObject Class: {86ea4148-bee6-4cee-a72f-da27a5112bd1} - c:\windows\system32\SSIBrowserHook5.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [\\192.168.0.129\EPSON WF1100] c:\windows\system32\spool\drivers\w32x86\3\e_fatifea.exe /fu "c:\docume~1\rwolf\locals~1\temp\E_S122.tmp" /EF "HKCU"
    uRun: [PureText] "c:\nuggets(migrate-to-d-drive)\puretext\PureText.exe"
    uRun: [\\rwolf00\EPSON WF1100] c:\windows\system32\spool\drivers\w32x86\3\e_fatifea.exe /fu "c:\docume~1\rwolf\locals~1\temp\E_S11E.tmp" /EF "HKCU"
    uRun: [CAHeadless] c:\program files\adobe\elements 10 organizer\caheadless\ElementsAutoAnalyzer.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "c:\documents and settings\all users\application data\bomgar-scc-4e4ac44e" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD299682678 /f
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
    uPolicies-system: disablelockworkstation = 1 (0x1)
    mPolicies-system: disablelockworkstation = 1 (0x1)
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: digikey.com\ordering
    Trusted Zone: kla-tencor.com
    Trusted Zone: kla-tencor.com
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285381672593
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285389881531
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{175E30C5-8C70-49C8-9A9C-2F57092E95E5} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{43F498F0-46B3-47B1-A154-84CE36F1164B} : NameServer = 10.39.11.50,10.208.11.85
    TCP: Interfaces\{56EB5E61-440E-47A0-AF68-4ADD7964AB14} : DhcpNameServer = 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\rwolf\application data\mozilla\firefox\profiles\xlw1tb4u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-22 64512]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2010-9-24 17648]
    R1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [2010-10-15 54048]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-8-18 59904]
    R2 SSI Survey Client;SSI Survey Client;c:\program files\scalable software\survey\ssi survey client\surveyclientnt.exe [2010-12-11 90112]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-12-22 52304]
    R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-5-2 262416]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-5-2 36624]
    R2 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-7-10 689416]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-11-15 592120]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-24 43888]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-24 113664]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-24 168616]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2007-9-13 26137]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-24 132480]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-24 235520]
    R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2010-9-24 6650752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
    S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-9-13 157648]
    S3 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [2010-11-17 724992]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-2 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-2 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-2 121576]
    S3 SSI Client Installer;SSI Client Installer;c:\windows\system32\SCInstallerNT.exe [2010-12-11 503808]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
    .
    =============== Created Last 30 ================
    .
    2011-10-23 06:23:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-10-23 05:33:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-10-23 05:30:19 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-10-23 05:30:14 -------- d-----w- c:\program files\Lavasoft
    2011-10-05 18:07:57 -------- d-----w- c:\documents and settings\rwolf\application data\webex
    2011-10-05 18:07:45 -------- d-----w- c:\program files\WebEx
    2011-10-03 09:02:17 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
    2011-10-03 08:55:29 -------- d-----w- c:\program files\SmartSound Software
    2011-10-03 08:55:22 -------- d-----w- c:\documents and settings\all users\application data\SmartSound Software Inc
    .
    ==================== Find3M ====================
    .
    2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 09:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-29 01:05:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-14 23:50:59 660 ----a-r- C:\gtModLab.bat
    .
    ============= FINISH: 17:48:46.28 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Attach.txt part of DDS is missing so please provide that.

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Trend Micro.
    One of them has to go.
    I suggest Lavasoft goes.

    So far I don't see anything malicious.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Hi Broni, Nice to meet you!

    I installed ad-aware to do a one-time scan. Didn't realize it was redundant with officeScan. It's gone now.

    The attach.txt file is below. I will get to the requested scans within 48 hours.

    Thanks for the help!
    ------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/24/2010 6:32:16 PM
    System Uptime: 10/23/2011 2:10:02 AM (15 hours ago)
    .
    Motherboard: Dell Inc. | | 0667CC
    Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | CPU 1 | 2632/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 68.812 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 150.37 GiB free.
    E: is Removable
    R: is FIXED (NTFS) - 932 GiB total, 303.789 GiB free.
    W: is NetworkDisk (NTFS) - 932 GiB total, 31.083 GiB free.
    X: is NetworkDisk (NTFS) - 215 GiB total, 205.755 GiB free.
    Y: is NetworkDisk (NTFS) - 244 GiB total, 219.299 GiB free.
    Z: is NetworkDisk (NTFS) - 200 GiB total, 193.542 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\474FC0003658261
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\474FC0003658261
    Service: NIC1394
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom USH
    Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
    Manufacturer:
    Name: Broadcom USH
    PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    AccelerometerP11
    Ad-Aware
    Adobe AIR
    Adobe Common File Installer
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Elements 10
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 10
    Adobe Reader 9.4.4
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    CamStudio OSS Desktop Recorder
    CCleaner
    Cisco AnyConnect VPN Client
    Cisco MeetingPlace for Outlook
    Cisco Systems VPN Client 5.0.07.0290
    Compatibility Pack for the 2007 Office system
    Configuration Manager Client
    Crystal XI
    Deco Planner 3
    Dell Touchpad
    Elements 10 Organizer
    ESET Online Scanner v3
    FilterPro
    Garmin City Navigator North America v8
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB945436)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958244)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    IDT Audio
    InstaCal and Universal Library for Windows
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 29
    Kies mini
    KLAAgent
    M7800 DownLoader
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MapSource
    MapSource - WorldMap v3.02
    MaX Compression Client
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 6.0 Professional Edition
    MikroSpec 4.0 Professional
    Mozilla Firefox (3.6.12)
    MSDN Library - Visual Studio 6.0a
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB925673)
    Nortel VPN Client
    OGA Notifier 2.0.0048.0
    OLYMPUS Digital Camera Updater
    OLYMPUS Master 2
    OLYMPUS Raw Codec
    OLYMPUS Viewer 2
    Paint Shop Pro 7 Anniversary Edition
    PDF4Free 2.0
    PerformanceTest v7.0
    PRE10STIInstaller
    PSE10 STI Installer
    PyScripter 2.4.1
    Python 2.6 PyUSB-1.6
    Python 2.6.5
    QuickBooks Pro 99
    QuickTime
    RDC
    Release OrCAD 16.2
    Remote Administrator v2.2
    RICOH Media Driver ver.2.11.01.02
    RSA SecurID Token for Windows Desktops
    SAMSUNG USB Driver for Mobile Phones
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SmartSound Common Data
    SmartSound Premiere Elements 10 Plugin
    SmartSound Sonicfire Pro 5
    Sonic CinePlayer DVD Pack
    TracerDAQ
    Trend Micro OfficeScan Client
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    V-Planner 3.89
    WebEx
    WebFldrs XP
    WIMGAPI
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2011 8:39:20 PM, error: Dhcp [1002] - The IP address lease 10.104.117.17 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/19/2011 4:44:52 PM, error: Dhcp [1002] - The IP address lease 10.104.112.198 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/19/2011 4:44:12 PM, error: System Error [1003] - Error code 00009088, parameter1 b9d87c1c, parameter2 b9d87c20, parameter3 b9d87c14, parameter4 b9d87c18.
    10/19/2011 3:45:57 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/19/2011 3:45:55 PM, error: Dhcp [1002] - The IP address lease 10.35.244.88 for the Network Card with network address 0026B9D665F0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/19/2011 2:04:36 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
    10/19/2011 2:03:46 PM, error: NETLOGON [5719] - No Domain Controller is available for domain KLASJ due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    10/19/2011 12:31:10 PM, error: Dhcp [1002] - The IP address lease 192.168.0.128 for the Network Card with network address 0026B9D665F0 has been denied by the DHCP server 10.208.10.252 (The DHCP Server sent a DHCPNACK message).
    10/19/2011 12:01:02 AM, error: Dhcp [1002] - The IP address lease 10.104.115.189 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/19/2011 11:03:36 AM, error: Dhcp [1002] - The IP address lease 192.168.0.134 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    10/19/2011 10:44:23 AM, error: PlugPlayManager [12] - The device 'Disk drive' (IDE\DiskST31000528AS____________________________HP35____\4&325a58d2&0&0.2.0) disappeared from the system without first being prepared for removal.
    10/18/2011 12:53:16 AM, error: Dhcp [1002] - The IP address lease 10.104.118.43 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/18/2011 1:50:38 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
    10/17/2011 12:53:43 AM, error: Dhcp [1002] - The IP address lease 10.104.112.135 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/17/2011 1:18:52 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    .
    ==== End Of File ===========================
     
  4. Rwolf01


    Hello again,

    I ran aswMBR in safe mode, after letting it do the avast virus file updates. The UI was slightly different, but I just accepted the defaults and did a "quickscan". It has a new, very tempting-looking button called "FixMBR", but I left that alone...

    The log file is
    =====================
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-25 01:50:44
    -----------------------------
    01:50:44.078 OS Version: Windows 5.1.2600 Service Pack 3
    01:50:44.078 Number of processors: 4 586 0x2502
    01:50:44.078 ComputerName: RWOLF01 UserName:
    01:50:44.187 Initialize success
    01:50:48.390 AVAST engine defs: 11102402
    01:51:56.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    01:51:56.328 Disk 0 Vendor: OCZ-VERT 2.11 Size: 114473MB BusType: 8
    01:51:56.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
    01:51:56.406 Disk 1 Vendor: ST950056 SD23 Size: 476940MB BusType: 8
    01:51:56.453 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2
    01:51:56.500 Disk 2 Vendor: ST310005 HP35 Size: 953869MB BusType: 8
    01:51:56.546 Disk 0 MBR read successfully
    01:51:56.593 Disk 0 MBR scan
    01:51:56.656 Disk 0 Windows XP default MBR code
    01:51:56.703 Disk 0 scanning sectors +234436545
    01:51:56.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    01:52:01.125 Service scanning
    01:52:02.031 Modules scanning
    01:52:03.750 Disk 0 trace - called modules:
    01:52:03.890 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys hal.dll iaStor.sys
    01:52:03.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0792e0]
    01:52:04.078 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8b079020]
    01:52:04.171 5 stdcfltn.sys[f78a888a] -> nt!IofCallDriver -> \Device\00000089[0x8b043a00]
    01:52:04.265 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b02e028]
    01:52:04.484 AVAST engine scan C:\WINDOWS
    01:52:05.281 AVAST engine scan C:\WINDOWS\system32
    01:52:55.312 AVAST engine scan C:\WINDOWS\system32\drivers
    01:53:00.656 AVAST engine scan C:\Documents and Settings\Administrator
    01:53:02.156 AVAST engine scan C:\Documents and Settings\All Users
    01:54:51.890 Scan finished successfully
    01:55:31.875 Disk 0 MBR has been saved successfully to "D:\nuggets\TechSpot\MBR.dat"
    01:55:31.921 The log file has been saved successfully to "D:\nuggets\TechSpot\aswMBRlog10-25.txt"
    =====================
    I then ran ComboFix in safe mode with networking, so it could get the downloads it needed.
    It ran mostly uneventfully, but there was a Windows box proclaiming an access violation in "rmbr.3ex" (this occurred roughly at the end of stage1 of the scan). This didn't crash the program, though, and it completed some 40 other stages uneventfully.

    ComboFix log file is:

    ==============================

    ComboFix 11-10-24.05 - Administrator 10/25/2011 2:11.2.4 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.3105 [GMT -7:00]
    Running from: d:\nuggets\TechSpot\ComboFix.exe
    AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {9618DB9B-667E-4F02-9A27-C9ECD7BA6961}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Ralph Wolf\WINDOWS
    c:\documents and settings\rwolf\Cookies\Index_3E227C64.dat
    c:\documents and settings\rwolf\Cookies\IndexIE_3E227C64.dat
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-25 08:25 . 2011-10-25 08:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2011-10-23 05:33 . 2011-10-23 05:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-10-23 05:30 . 2011-10-24 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2011-10-18 23:56 . 2011-10-18 23:56 -------- d-----w- c:\program files\Common Files\Java
    2011-10-05 18:07 . 2011-10-05 18:07 -------- d-----w- c:\documents and settings\rwolf\Application Data\webex
    2011-10-05 18:07 . 2011-10-05 18:07 -------- d-----w- c:\program files\WebEx
    2011-10-03 09:02 . 2011-10-03 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2011-10-03 08:55 . 2011-10-03 08:55 -------- d-----w- c:\program files\SmartSound Software
    2011-10-03 08:55 . 2011-10-03 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-03 12:06 . 2010-11-17 09:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 09:37 . 2010-11-17 09:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-29 01:05 . 2011-05-13 20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-01 00:00 . 2011-03-24 14:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-14 23:51 . 2011-08-14 23:51 2003 ----a-r- C:\WriteStatus.bat
    2011-08-14 23:51 . 2011-08-14 23:51 113664 ----a-r- C:\vercheck.exe
    2011-08-14 23:51 . 2011-08-14 23:51 105984 ----a-r- C:\stm.exe
    2011-08-14 23:51 . 2011-08-14 23:51 1680 ----a-r- C:\smsettings.bat
    2011-08-14 23:51 . 2011-08-14 23:51 19682 ----a-r- C:\SmModels.bat
    2011-08-14 23:51 . 2011-08-14 23:51 17768 ----a-r- C:\Sm_org.bat
    2011-08-14 23:51 . 2011-08-14 23:51 19807 ----a-r- C:\Sm011707.bat
    2011-08-14 23:51 . 2011-08-14 23:51 608 ----a-r- C:\SimpleBuild.bat
    2011-08-14 23:51 . 2011-08-14 23:51 20429 ----a-r- C:\Sm.bat
    2011-08-14 23:51 . 2011-08-14 23:51 128 ----a-r- C:\SetVCC.bat
    2011-08-14 23:51 . 2011-08-14 23:51 628 ----a-r- C:\settings.bat
    2011-08-14 23:51 . 2011-08-14 23:51 525 ----a-r- C:\setall.bat
    2011-08-14 23:51 . 2011-08-14 23:51 287 ----a-r- C:\setlabel.bat
    2011-08-14 23:51 . 2011-08-14 23:51 229439 ----a-r- C:\ReArrangeFiles.exe
    2011-08-14 23:51 . 2011-08-14 23:51 452 ----a-r- C:\PSM.BAT
    2011-08-14 23:51 . 2011-08-14 23:51 1465 ----a-r- C:\postBuild.bat
    2011-08-14 23:51 . 2011-08-14 23:51 172089 ----a-r- C:\osversion.exe
    2011-08-14 23:51 . 2011-08-14 23:51 58880 ----a-r- C:\makerpt.exe
    2011-08-14 23:51 . 2011-08-14 23:51 54 ----a-r- C:\nmd.cmd
    2011-08-14 23:51 . 2011-08-14 23:51 4561 ----a-r- C:\MakeLeafCode.bat
    2011-08-14 23:51 . 2011-08-14 23:51 4311 ----a-r- C:\MakeLeafCode_add_iADC.bat
    2011-08-14 23:51 . 2011-08-14 23:51 1293 ----a-r- C:\Makeone.bat
    2011-08-14 23:51 . 2011-08-14 23:51 1434 ----a-r- C:\MakeJobManager.bat
    2011-08-14 23:51 . 2011-08-14 23:51 36864 ----a-r- C:\ListViewer.exe
    2011-08-14 23:51 . 2011-08-14 23:51 645 ----a-r- C:\LabAllGd.bat
    2011-08-14 23:51 . 2011-08-14 23:51 337 ----a-r- C:\LabGood.bat
    2011-08-14 23:51 . 2011-08-14 23:50 1762 ----a-r- C:\gtOneLab.bat
    2011-08-14 23:50 . 2011-08-14 23:50 660 ----a-r- C:\gtModLab.bat
    2011-08-14 23:50 . 2011-08-14 23:50 550 ----a-r- C:\gtModCur.bat
    2011-08-14 23:50 . 2011-08-14 23:50 3656 ----a-r- C:\gtAllLab.bat
    2011-08-14 23:50 . 2011-08-14 23:50 1764 ----a-r- C:\gtOneCur.bat
    2011-08-14 23:50 . 2011-08-14 23:50 5871 ----a-r- C:\gtAllCur_withIC.bat
    2011-08-14 23:50 . 2011-08-14 23:50 18472 ----a-r- C:\gtAllCur021407.bat
    2011-08-14 23:50 . 2011-08-14 23:50 11940 ----a-r- C:\gtAllCur_old.bat
    2011-08-14 23:50 . 2011-08-14 23:50 20566 ----a-r- C:\gtAllCur.bat
    2011-08-14 23:50 . 2011-08-14 23:50 107520 ----a-r- C:\filePoller.exe
    2011-08-14 23:50 . 2011-08-14 23:50 11111 ----a-r- C:\DELTREE.EXE
    2011-08-14 23:50 . 2011-08-14 23:50 43008 ----a-r- C:\dbwrite.exe
    2011-08-14 23:50 . 2011-08-14 23:50 105984 ----a-r- C:\ctm.exe
    2011-08-14 23:50 . 2011-08-14 23:50 4521 ----a-r- C:\copyreg.bat
    2011-08-14 23:50 . 2011-08-14 23:50 1428 ----a-r- C:\copyfile.bat
    2011-08-14 23:50 . 2011-08-14 23:50 520 ----a-r- C:\convertAllModels.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25698 ----a-r- C:\Copy (2) of Build_63spack.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25333 ----a-r- C:\Copy of Build_63spack_non56.bat
    2011-08-14 23:50 . 2011-08-14 23:50 467 ----a-r- C:\bumpver.bat
    2011-08-14 23:50 . 2011-08-14 23:50 18432 ----a-r- C:\Bumpver.exe
    2011-08-14 23:50 . 2011-08-14 23:50 176212 ----a-r- C:\Buildsp2_021407.exe
    2011-08-14 23:50 . 2011-08-14 23:50 176212 ----a-r- C:\BuildSP2_010207.exe
    2011-08-14 23:50 . 2011-08-14 23:50 176212 ----a-r- C:\Buildnew.exe
    2011-08-14 23:50 . 2011-08-14 23:50 3372 ----a-r- C:\Builder.bat
    2011-08-14 23:50 . 2011-08-14 23:50 24708 ----a-r- C:\Build_63spack_test.bat
    2011-08-14 23:50 . 2011-08-14 23:50 23276 ----a-r- C:\Build_63spack_withIC.bat
    2011-08-14 23:50 . 2011-08-14 23:50 21216 ----a-r- C:\Build_63spack_vss.bat
    2011-08-14 23:50 . 2011-08-14 23:50 16664 ----a-r- C:\builddiag.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25523 ----a-r- C:\Build_63spack_non56.bat
    2011-08-14 23:50 . 2011-08-14 23:50 24844 ----a-r- C:\Build_63spack_926.bat
    2011-08-14 23:50 . 2011-08-14 23:50 24842 ----a-r- C:\Build_63spack_11152005.bat
    2011-08-14 23:50 . 2011-08-14 23:50 24631 ----a-r- C:\Build_63spack_913.bat
    2011-08-14 23:50 . 2011-08-14 23:50 23709 ----a-r- C:\Build_63spack_826.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25730 ----a-r- C:\Build_63spack_020106.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25687 ----a-r- C:\Build_63spack56_test.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25617 ----a-r- C:\Build_63spack56.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25186 ----a-r- C:\Build_63spack022406.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25186 ----a-r- C:\Build_63spack_01052006.bat
    2011-08-14 23:50 . 2011-08-14 23:50 25682 ----a-r- C:\Build_63spack.bat
    2011-08-14 23:50 . 2011-08-14 23:50 155706 ----a-r- C:\Build63SPack_56.exe
    2011-08-14 23:50 . 2011-08-14 23:50 155700 ----a-r- C:\Build63spack.exe
    2011-08-14 23:50 . 2011-08-14 23:50 176212 ----a-r- C:\Build.exe
    2011-08-14 23:50 . 2011-08-14 23:50 532 ----a-r- C:\AutomateTest.bat
    2011-08-14 23:50 . 2011-08-14 23:50 3356 ----a-r- C:\AITidlcompiler.bat
    2011-08-14 23:50 . 2011-08-14 23:50 221 ----a-r- C:\autoinstall.bat
    2011-08-14 23:50 . 2011-08-14 23:50 164 ----a-r- C:\autoinstalld.bat
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-27 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-27 170008]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-27 145432]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-20 1400832]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1206544]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
    "FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-07-28 727664]
    "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-02-06 849192]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-19 495708]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Bomgar_Cleanup_ZD299682678"="rd" [X]
    .
    c:\documents and settings\Ralph Wolf\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
    VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-12-7 6144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablelockworkstation"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\Licensing\\LicenseClientConfiguration.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdnshelp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsinfo.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsmps.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsMsgServer.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsNameServer.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsOaPathUtil.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsRemote.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsRemshClient.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsRunHidden.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsServIpc.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsUnzip.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdswhich.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsZip.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cds_root.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\clsAdminTool.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\clsbd.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\clu.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cmfeedback.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\consmgr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\dregprint.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\emsChecker.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\emsMkError.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\mpsinfo.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\msgHelp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\nmp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\nmppath.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\switchversion.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\van.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\versionviewer.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\capture.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\comp16.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\pcadi.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\pspiceexplorersrvr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\pstswp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\regsvr32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\sch2cap.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\tutorial\\Captutor.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\cdnshelp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\cdnshelpindexer.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\indexer.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\tagtest.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\topicgen.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\_cdnshelp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\dfII\\bin\\skill.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\dfII\\bin\\skill_g.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\bodygen.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\cpmaccess.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\libaccess.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\lrm.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\mkdefcfg.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\newgenasym.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\pcbCache.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\projmgr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\psetup.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\purge.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\QPSetup.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\rollback.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\UniversalBrowser.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\versiontool.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\java.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\javacpl.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\javaw.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\javaws.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\jucheck.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\jusched.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\keytool.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\kinit.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\klist.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\ktab.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\orbd.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\pack200.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\policytool.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\rmid.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\rmiregistry.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\servertool.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\tnameserv.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\unpack200.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\fvupdateutil.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\gcad.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\gcam.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\gcdin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\idfin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\ipc356.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\layout.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\libcat.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\lsession.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\max2hyp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxascb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxascx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxdxf.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxeco.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxfnetx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxminb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxminw.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxminx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxorcad.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxp99x.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxpadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxpadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxpcadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxpcadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxprotb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxprotx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxstrb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxstrx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxtangb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxtangx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\mfceco.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\orcadodb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\padb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\padx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\pcadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\pcadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\pcb2max.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\prcat.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\protb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\protx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\searchTool.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\setbrows.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\specin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\strb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\strx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tangb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tangx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\to386.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\toidf.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tomax.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tospec.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\update90.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\samples\\demo\\reset.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\sroute\\batch32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\sroute\\sroute.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tutorial\\laytutor.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\vcadd\\vcadd32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\fvupdateutil.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\gcad.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\gcam.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\gcdin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\idfin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\ipc356.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\layout.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\libcat.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\lsession.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\max2hyp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxascb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxascx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxdxf.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxeco.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxfnetx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxminb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxminw.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxminx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxorcad.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxp99x.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxpadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxpadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxpcadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxpcadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxprotb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxprotx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxstrb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxstrx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxtangb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxtangx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\mfceco.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\orcadodb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\padb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\padx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\pcadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\pcadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\pcb2max.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\prcat.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\protb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\protx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\searchTool.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\setbrows.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\specin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\strb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\strx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tangb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tangx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\to386.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\toidf.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tomax.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tospec.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\update90.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\samples\\demo\\reset.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\sroute\\batch32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\sroute\\sroute.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tutorial\\Laytutor.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\vcadd\\vcadd32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\fvupdateutil.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\gcad.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\gcam.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\gcdin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\idfin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\ipc356.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\layout.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\libcat.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\lsession.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\max2hyp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxascb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxascx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxdxf.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxeco.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxfnetx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxminb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxminw.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxminx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxorcad.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxp99x.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxpadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxpadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxpcadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxpcadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxprotb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxprotx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxstrb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxstrx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxtangb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxtangx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\mfceco.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\orcadodb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\padb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\padx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\pcadb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\pcadx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\pcb2max.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\prcat.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\protb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\protx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\searchTool.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\setbrows.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\specin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\strb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\strx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tangb.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tangx.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\to386.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\toidf.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tomax.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tospec.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\update90.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\samples\\demo\\reset.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\sroute\\batch32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\sroute\\sroute.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tutorial\\laytutor.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\vcadd\\vcadd32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\a2dxf.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\allegro.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\allegro_batch.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\allegro_free_viewer.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\aprepmap.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\artwork.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ashowmap.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\batch_drc.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\bbvia.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\bem2d.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\brd2dml.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\convert_gerber.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\create_devices.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\create_sym.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbdoctor.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbdoctor14.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbdoctor15.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbdoctor_ui.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbfix11.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbfix12.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbfix13.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbstat.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\db_change_type.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dfa_dlg.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dfa_update.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dml2brd.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dmlcheck.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dmlcrypt.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\downrev14.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\downrev_library.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\draw_check.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dump_libraries.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dxf2a.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ems2d.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\enved.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\explot.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\extracta.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\fatten.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\flash_convert.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\fpbrowse.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\FSvia.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\FSviaSolver.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ftsmerge.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\gate_assign.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\gbplot.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\genfeedformat.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\genrad.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\gloss.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ibis2signoise.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ibischk3.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ibischk4.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\icmchk.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\idf_in.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\idf_out.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\iges_in.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\iges_out.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\il_allegro.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ipc356_out.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\j2script.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\l2a.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\lis2buf.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\mbs2lib.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\mcm_escapes.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\mergedml.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\mkdeviceindex.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\modelintegrity.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\modelsim.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ncroute.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\nctape.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\netin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\netrev.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pads_in.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pad_designer.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\parallel.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pcad_in.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pe_wordpad.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\placement.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\plctxt.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pre_check.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\productServer.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\quad2signoise.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\qvupdate.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\refresh_padstack.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\refresh_symbol.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\refresh_vs.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\reftxt.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\report.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\signoise.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\sigwave.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\sigxp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\sigxsect.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\spc2dml.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\spc2spc.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\spif.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\spif_batch.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\swap.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\systemdump.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\sys_root.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\techfile.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\techfile13.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\techfile14.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\techfile15.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\tlsim.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ts2dml.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\uprev.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\zrouter.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\perl5\\bin\\perl.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\perl5\\bin\\perlglob.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\perl5\\ntt\\cmd32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\appmgr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\IndiceFileGeneration.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\lxcwin.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\Magneticdesigner.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\modeled.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\MrkSrvr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\msgview.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\PDesign.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\psched.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\pspice.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\pspiceaa.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\PSpiceEnc.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\pspiceexplorersrvr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\psp_cmd.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\regsvr32.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\simmgr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\simsrvr.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\stmed.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\specctra\\bin\\mbs2sp.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\specctra\\bin\\sp2mbs.exe"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\specctra\\bin\\specctra.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\aconvmap.exe"=
    "c:\\Program Files\\Measurement Computing\\DAQ\\MccSkts.exe"=
    "c:\\Program Files\\Nortel\\Nortel VPN Client\\Extranet.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Trend Micro\\OfficeScan Client\\ScanMailOutLook.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "35205:TCP"= 35205:TCP:Trend Micro OfficeScan Listener
    "3622:UDP"= 3622:UDP:Windows Media Format SDK (iexplore.exe)
    "3623:UDP"= 3623:UDP:Windows Media Format SDK (iexplore.exe)
    .
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [9/24/2010 7:23 PM 17648]
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [8/18/2011 3:18 PM 59904]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [9/24/2010 7:23 PM 43888]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [9/24/2010 7:11 PM 168616]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [9/13/2007 9:52 AM 26137]
    R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [9/24/2010 7:17 PM 6650752]
    S1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [10/15/2010 12:27 AM 54048]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [9/1/2011 2:22 AM 169624]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2011 6:55 PM 136176]
    S2 SSI Survey Client;SSI Survey Client;c:\program files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe [12/11/2010 12:19 AM 90112]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/22/2010 12:52 AM 52304]
    S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [5/2/2008 4:22 PM 262416]
    S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [5/2/2008 4:21 PM 36624]
    S2 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [7/10/2008 6:46 PM 689416]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 1:32 PM 592120]
    S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/24/2010 7:06 PM 113664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2011 6:55 PM 136176]
    S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [9/24/2010 6:51 PM 132480]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [9/24/2010 7:09 PM 235520]
    S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [9/13/2007 9:51 AM 157648]
    S3 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [11/17/2010 7:54 PM 724992]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/2/2011 9:42 AM 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/2/2011 9:42 AM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/2/2011 9:42 AM 121576]
    S3 SSI Client Installer;SSI Client Installer;c:\windows\system32\SCInstallerNT.exe [12/11/2010 12:19 AM 503808]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PXHELP20
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-16 23:43]
    .
    2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 01:55]
    .
    2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 01:55]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Trusted Zone: kla-tencor.com
    Trusted Zone: kla-tencor.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-25 02:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,d6,23,79,6d,eb,72,4c,82,3b,db,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,d5,0b,1a,63,ef,4d,41,ab,5b,4a,\
    .
    Completion time: 2011-10-25 02:15:43
    ComboFix-quarantined-files.txt 2011-10-25 09:15
    .
    Pre-Run: 73,864,769,536 bytes free
    Post-Run: 74,518,396,928 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
    .
    - - End Of File - - C062E55CB2269E067DBDB42E96873B27

    ===========================================

    Thanks again for reading the tea leaves of these reports and letting me know if there is anything unusual.

    Best Regards,

    Ralph Wolf
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Combofix log looks good now.
    Please move Combofix file to your desktop as my instructions say.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Bounced into safe mode as Administrator and ran OTL (from the desktop, as requested :)

    Log files are too long for one post, will split them into multiple posts, being careful not to drop any lines.

    First Up: OTL.txt part 1:
    ==========================
    OTL logfile created on: 10/29/2011 10:53:11 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.43 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 92.29% Memory free
    7.27 Gb Paging File | 7.20 Gb Available in Paging File | 99.09% Paging File free
    Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.66 Gb Total Space | 68.89 Gb Free Space | 61.70% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 150.13 Gb Free Space | 32.23% Space Free | Partition Type: NTFS
    Drive E: | 7.44 Gb Total Space | 7.44 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive R: | 931.51 Gb Total Space | 324.45 Gb Free Space | 34.83% Space Free | Partition Type: NTFS

    Computer Name: RWOLF01 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
    SRV - [2010/11/15 13:32:46 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2010/07/23 13:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2010/07/19 17:38:32 | 000,364,544 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2010/07/19 17:34:02 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2010/06/01 14:47:38 | 000,503,808 | ---- | M] (Scalable Software, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SCInstallerNT.exe -- (SSI Client Installer)
    SRV - [2010/06/01 14:47:38 | 000,090,112 | ---- | M] (Scalable Software, Inc.) [Auto | Stopped] -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe -- (SSI Survey Client)
    SRV - [2010/05/18 23:42:02 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010/02/02 18:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Unknown | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
    SRV - [2010/02/02 18:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Unknown | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
    SRV - [2010/01/07 12:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [Unknown | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
    SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2004/12/20 09:47:32 | 000,724,992 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\r_server.exe -- (r_server)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
    DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
    DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
    DRV - [2010/11/15 13:19:12 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
    DRV - [2010/07/23 13:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/07/23 13:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/07/23 13:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/07/20 03:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2010/07/20 03:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV - [2010/07/20 03:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV - [2010/07/14 04:34:00 | 006,650,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel(R)
    DRV - [2010/07/09 10:41:42 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
    DRV - [2010/07/09 10:41:34 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stdcfltn.sys -- (stdcfltn)
    DRV - [2010/06/21 21:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2010/05/19 22:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2010/05/18 23:42:02 | 001,660,691 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2010/04/06 00:35:56 | 000,168,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
    DRV - [2010/03/23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2010/03/19 16:39:08 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
    DRV - [2010/02/26 23:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
    DRV - [2010/02/23 13:39:56 | 000,054,048 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\CBUL32.sys -- (CBUL32)
    DRV - [2010/01/19 12:50:12 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2010/01/07 09:43:04 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2009/10/22 08:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2009/10/22 08:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/04/08 17:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
    DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/09/13 09:52:18 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2007/09/13 09:51:58 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2007/09/13 09:51:58 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 02:08:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 03:26:18 | 000,000,000 | ---D | M]

    [2011/10/18 16:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/17 02:18:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/27 01:15:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/20 07:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/18 11:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/10/18 16:55:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/10/25 02:14:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\.DEFAULT..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
    O4 - HKU\S-1-5-18..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
    O4 - Startup: C:\Documents and Settings\Ralph Wolf\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablelockworkstation = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285381672593 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1285389881531 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adcorp.kla-tencor.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{175E30C5-8C70-49C8-9A9C-2F57092E95E5}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56EB5E61-440E-47A0-AF68-4ADD7964AB14}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/09/24 18:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,221 | R--- | M] () - C:\autoinstall.bat -- [ NTFS ]
    O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,164 | R--- | M] () - C:\autoinstalld.bat -- [ NTFS ]
    O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,532 | R--- | M] () - C:\AutomateTest.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/29 22:51:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/10/28 11:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP PrecisionScan LT Software
    [2011/10/28 11:37:18 | 000,081,920 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\HP3300T.dll
    [2011/10/28 11:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2011/10/28 11:36:23 | 000,000,000 | ---D | C] -- C:\sj650
    [2011/10/25 02:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/10/25 02:09:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/10/25 01:57:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/10/25 01:57:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/10/25 01:57:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/10/25 01:57:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/10/25 01:57:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2011/10/25 01:57:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2011/10/25 01:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    [2011/10/22 22:33:27 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/10/22 22:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2011/10/18 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/10/05 11:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
    [2011/10/03 02:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/10/03 01:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartSound
    [2011/10/03 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
    [2011/10/03 01:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/09/24 19:09:15 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/29 22:54:28 | 000,448,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/29 22:54:28 | 000,072,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/29 22:51:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/29 22:50:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/29 22:49:28 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
    [2011/10/29 22:25:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/29 11:25:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/29 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
    [2011/10/28 11:45:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
    [2011/10/28 11:45:06 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2011/10/28 11:44:18 | 000,000,463 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
    [2011/10/27 13:40:07 | 000,018,072 | ---- | M] () -- C:\WINDOWS\cfgall.ini
    [2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/10/25 02:14:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2011/10/24 17:11:42 | 000,012,282 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/10/22 22:33:26 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/10/10 12:43:13 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/03 01:53:17 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 10.lnk
    [2011/10/03 00:37:12 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 10.lnk
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
  7. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    OTL.txt part 2:

    ========== Files Created - No Company Name ==========

    [2011/10/28 11:42:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
    [2011/10/28 11:42:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2011/10/28 11:37:20 | 000,001,080 | ---- | C] () -- C:\WINDOWS\AUTOLNCH.REG
    [2011/10/28 11:37:18 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2011/10/28 11:37:18 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2011/10/25 02:09:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/10/25 02:09:38 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2011/10/25 01:57:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/10/25 01:57:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/10/25 01:57:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/10/25 01:57:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/10/25 01:57:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/10/03 01:53:17 | 000,002,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Elements 10.lnk
    [2011/10/03 01:53:17 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 10.lnk
    [2011/10/03 01:05:10 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
    [2011/10/03 00:48:24 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
    [2011/10/03 00:37:12 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
    [2011/10/03 00:37:12 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 10.lnk
    [2011/09/19 19:02:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2011/07/10 23:17:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
    [2011/07/07 16:14:56 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
    [2011/03/29 01:29:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010/12/26 20:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2010/12/26 20:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2010/12/11 00:19:26 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
    [2010/11/17 19:54:06 | 000,724,992 | ---- | C] () -- C:\WINDOWS\System32\r_server.exe
    [2010/11/17 02:08:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/11/08 03:43:11 | 000,162,783 | ---- | C] () -- C:\WINDOWS\FilterPro Uninstaller.exe
    [2010/11/02 13:59:44 | 000,000,463 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
    [2010/10/15 01:03:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inscal32.INI
    [2010/10/15 00:27:26 | 000,054,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBUL32.sys
    [2010/09/29 10:43:40 | 000,018,072 | ---- | C] () -- C:\WINDOWS\cfgall.ini
    [2010/09/27 19:12:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
    [2010/09/27 19:12:41 | 000,006,472 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
    [2010/09/26 16:27:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\capture.INI
    [2010/09/25 11:10:06 | 002,146,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/09/25 01:11:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/09/24 20:40:09 | 000,000,866 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/09/24 19:09:15 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
    [2010/09/24 19:09:15 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
    [2010/09/24 19:09:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2010/09/24 18:32:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/09/24 18:28:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/09/24 11:18:37 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/09/24 11:17:46 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/23 14:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2010/03/23 14:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 05:00:00 | 000,449,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 05:00:00 | 000,073,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/04/15 09:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/04/15 09:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/11/15 15:26:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\USBCtrl.dll
    [2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
    [2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
    [2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
    [2001/11/16 23:28:34 | 000,225,402 | ---- | C] () -- C:\WINDOWS\System32\CWtoVision.dll
    [2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
    [2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
    [1998/08/05 22:01:06 | 000,823,296 | ---- | C] () -- C:\WINDOWS\System32\Nsppx.dll
    [1998/08/05 22:01:04 | 000,829,952 | ---- | C] () -- C:\WINDOWS\System32\Nspp5.dll
    [1998/08/05 22:01:04 | 000,811,520 | ---- | C] () -- C:\WINDOWS\System32\Nspp6.dll
    [1998/08/05 22:01:02 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\Nspp4.dll
    [1998/08/05 22:01:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\Nspm5.dll
    [1998/08/05 22:01:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Nsp.dll
    [1998/08/05 22:00:50 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\Cpuid32.dll
    [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

    ========== LOP Check ==========

    [2011/02/03 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
    [2010/09/24 21:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/09/26 16:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/12/11 03:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
    [2011/10/03 02:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/01/02 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2010/12/11 00:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Scalable Software
    [2011/10/03 01:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2011/08/17 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Arduino
    [2011/10/25 02:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/12/04 00:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Mikron
    [2010/12/26 20:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Opera
    [2011/08/17 02:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\PyScripter
    [2011/01/02 09:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Samsung
    [2011/01/02 16:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\V-Planner
    [2011/10/05 11:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\webex

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/10/23 02:10:10 | 000,000,220 | ---- | M] () -- C:\aaw7boot.log
    [2010/09/26 16:56:40 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2011/08/14 16:50:42 | 000,003,356 | R--- | M] () -- C:\AITidlcompiler.bat
    [2010/09/24 18:30:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/08/14 16:50:42 | 000,000,221 | R--- | M] () -- C:\autoinstall.bat
    [2011/08/14 16:50:42 | 000,000,164 | R--- | M] () -- C:\autoinstalld.bat
    [2011/08/14 16:50:42 | 000,000,532 | R--- | M] () -- C:\AutomateTest.bat
    [2010/11/09 00:59:23 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2011/08/14 16:50:43 | 000,176,212 | R--- | M] () -- C:\Build.exe
    [2011/08/14 16:50:43 | 000,155,700 | R--- | M] () -- C:\Build63spack.exe
    [2011/08/14 16:50:44 | 000,155,706 | R--- | M] () -- C:\Build63SPack_56.exe
    [2011/08/14 16:50:47 | 000,016,664 | R--- | M] () -- C:\builddiag.bat
    [2011/08/14 16:50:48 | 000,003,372 | R--- | M] () -- C:\Builder.bat
    [2011/08/14 16:50:49 | 000,176,212 | R--- | M] () -- C:\Buildnew.exe
    [2011/08/14 16:50:50 | 000,176,212 | R--- | M] () -- C:\BuildSP2_010207.exe
    [2011/08/14 16:50:52 | 000,176,212 | R--- | M] () -- C:\Buildsp2_021407.exe
    [2011/08/14 16:50:44 | 000,025,682 | R--- | M] () -- C:\Build_63spack.bat
    [2011/08/14 16:50:45 | 000,025,186 | R--- | M] () -- C:\Build_63spack022406.bat
    [2011/08/14 16:50:45 | 000,025,617 | R--- | M] () -- C:\Build_63spack56.bat
    [2011/08/14 16:50:45 | 000,025,687 | R--- | M] () -- C:\Build_63spack56_test.bat
    [2011/08/14 16:50:45 | 000,025,186 | R--- | M] () -- C:\Build_63spack_01052006.bat
    [2011/08/14 16:50:45 | 000,025,730 | R--- | M] () -- C:\Build_63spack_020106.bat
    [2011/08/14 16:50:46 | 000,024,842 | R--- | M] () -- C:\Build_63spack_11152005.bat
    [2011/08/14 16:50:46 | 000,023,709 | R--- | M] () -- C:\Build_63spack_826.bat
    [2011/08/14 16:50:46 | 000,024,631 | R--- | M] () -- C:\Build_63spack_913.bat
    [2011/08/14 16:50:46 | 000,024,844 | R--- | M] () -- C:\Build_63spack_926.bat
    [2011/08/14 16:50:47 | 000,025,523 | R--- | M] () -- C:\Build_63spack_non56.bat
    [2011/08/14 16:50:47 | 000,024,708 | R--- | M] () -- C:\Build_63spack_test.bat
    [2011/08/14 16:50:47 | 000,021,216 | R--- | M] () -- C:\Build_63spack_vss.bat
    [2011/08/14 16:50:47 | 000,023,276 | R--- | M] () -- C:\Build_63spack_withIC.bat
    [2011/08/14 16:50:52 | 000,000,467 | R--- | M] () -- C:\bumpver.bat
    [2011/08/14 16:50:52 | 000,018,432 | R--- | M] () -- C:\Bumpver.exe
    [2010/09/26 02:05:41 | 000,175,120 | ---- | M] () -- C:\C2C.log
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/10/25 02:22:58 | 000,037,497 | ---- | M] () -- C:\ComboFix.txt
    [2010/09/24 18:30:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/08/14 16:50:53 | 000,000,520 | R--- | M] () -- C:\convertAllModels.bat
    [2011/08/14 16:50:53 | 000,025,698 | R--- | M] () -- C:\Copy (2) of Build_63spack.bat
    [2011/08/14 16:50:53 | 000,025,333 | R--- | M] () -- C:\Copy of Build_63spack_non56.bat
    [2011/08/14 16:50:54 | 000,001,428 | R--- | M] () -- C:\copyfile.bat
    [2011/08/14 16:50:54 | 000,004,521 | R--- | M] () -- C:\copyreg.bat
    [2011/08/14 16:50:55 | 000,105,984 | R--- | M] () -- C:\ctm.exe
    [2011/08/14 16:50:55 | 000,043,008 | R--- | M] () -- C:\dbwrite.exe
    [2011/08/14 16:50:56 | 000,011,111 | R--- | M] () -- C:\DELTREE.EXE
    [2011/08/14 16:50:56 | 000,001,528 | R--- | M] () -- C:\Endmail.pl
    [2011/08/14 16:50:57 | 000,107,520 | R--- | M] () -- C:\filePoller.exe
    [2010/09/24 19:25:26 | 000,000,968 | ---- | M] () -- C:\freefallprotection.log
    [2011/08/14 16:50:57 | 000,020,566 | R--- | M] () -- C:\gtAllCur.bat
    [2011/08/14 16:50:58 | 000,018,472 | R--- | M] () -- C:\gtAllCur021407.bat
    [2011/08/14 16:50:58 | 000,011,940 | R--- | M] () -- C:\gtAllCur_old.bat
    [2011/08/14 16:50:58 | 000,005,871 | R--- | M] () -- C:\gtAllCur_withIC.bat
    [2011/08/14 16:50:59 | 000,003,656 | R--- | M] () -- C:\gtAllLab.bat
    [2011/08/14 16:50:59 | 000,000,550 | R--- | M] () -- C:\gtModCur.bat
    [2011/08/14 16:50:59 | 000,000,660 | R--- | M] () -- C:\gtModLab.bat
    [2011/08/14 16:50:59 | 000,001,764 | R--- | M] () -- C:\gtOneCur.bat
    [2011/08/14 16:51:00 | 000,001,762 | R--- | M] () -- C:\gtOneLab.bat
    [2010/09/24 18:30:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/05/16 16:15:43 | 000,018,998 | ---- | M] () -- C:\jresetup.log
    [2011/08/14 16:51:00 | 000,000,645 | R--- | M] () -- C:\LabAllGd.bat
    [2011/08/14 16:51:00 | 000,000,337 | R--- | M] () -- C:\LabGood.bat
    [2011/08/14 16:51:01 | 000,036,864 | R--- | M] () -- C:\ListViewer.exe
    [2011/08/14 16:51:01 | 000,054,384 | R--- | M] () -- C:\makefile.def
    [2011/08/14 16:51:01 | 000,001,434 | R--- | M] () -- C:\MakeJobManager.bat
    [2011/08/14 16:51:02 | 000,004,561 | R--- | M] () -- C:\MakeLeafCode.bat
    [2011/08/14 16:51:02 | 000,004,311 | R--- | M] () -- C:\MakeLeafCode_add_iADC.bat
    [2011/08/14 16:51:02 | 000,001,293 | R--- | M] () -- C:\Makeone.bat
    [2011/08/14 16:51:03 | 000,058,880 | R--- | M] () -- C:\makerpt.exe
    [2010/09/24 18:30:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/08/14 16:51:03 | 000,000,054 | R--- | M] () -- C:\nmd.cmd
    [2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/14 16:51:05 | 000,172,089 | R--- | M] () -- C:\osversion.exe
    [2011/10/29 22:50:21 | 4293,918,720 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/14 16:51:05 | 000,001,465 | R--- | M] () -- C:\postBuild.bat
    [2011/08/14 16:51:05 | 000,000,452 | R--- | M] () -- C:\PSM.BAT
    [2011/08/20 00:58:49 | 000,001,074 | ---- | M] () -- C:\pspbrwse.jbf
    [2011/03/28 02:58:51 | 000,000,057 | ---- | M] () -- C:\RadminLogfile.txt
    [2011/08/14 16:51:07 | 000,229,439 | R--- | M] () -- C:\ReArrangeFiles.exe
    [2011/08/14 16:51:07 | 000,000,525 | R--- | M] () -- C:\setall.bat
    [2011/08/14 16:51:07 | 000,000,287 | R--- | M] () -- C:\setlabel.bat
    [2011/08/14 16:51:08 | 000,000,628 | R--- | M] () -- C:\settings.bat
    [2011/08/14 16:51:14 | 001,099,264 | R--- | M] () -- C:\SetUpSuperMake.doc
    [2011/08/14 16:51:15 | 000,000,128 | R--- | M] () -- C:\SetVCC.bat
    [2011/08/14 16:51:15 | 000,000,608 | R--- | M] () -- C:\SimpleBuild.bat
    [2011/08/14 16:51:15 | 000,020,429 | R--- | M] () -- C:\Sm.bat
    [2011/08/14 16:51:16 | 000,019,807 | R--- | M] () -- C:\Sm011707.bat
    [2011/08/14 16:51:16 | 000,000,257 | R--- | M] () -- C:\SmConfig.db
    [2011/08/14 16:51:17 | 000,019,682 | R--- | M] () -- C:\SmModels.bat
    [2011/08/14 16:51:17 | 000,001,680 | R--- | M] () -- C:\smsettings.bat
    [2011/08/14 16:51:16 | 000,017,768 | R--- | M] () -- C:\Sm_org.bat
    [2011/08/14 16:51:17 | 000,000,777 | R--- | M] () -- C:\startmail.pl
    [2011/08/14 16:51:18 | 000,105,984 | R--- | M] () -- C:\stm.exe
    [2011/10/28 11:48:54 | 000,000,495 | ---- | M] () -- C:\stub.log
    [2011/08/14 16:51:18 | 000,000,551 | R--- | M] () -- C:\supermake.ini
    [2011/10/24 11:14:45 | 000,017,137 | ---- | M] () -- C:\SystemLog.txt
    [2010/12/22 00:54:17 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
    [2011/08/14 16:51:19 | 000,113,664 | R--- | M] () -- C:\vercheck.exe
    [2011/08/14 16:51:19 | 000,000,225 | R--- | M] () -- C:\VERSION.RC2
    [2011/08/14 16:51:20 | 000,001,296 | ---- | M] () -- C:\vssver.scc
    [2011/08/14 16:51:20 | 000,002,003 | R--- | M] () -- C:\WriteStatus.bat

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/09/24 18:30:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2010/07/06 01:12:31 | 000,986,772 | ---- | M] () -- C:\WINDOWS\WhaleShark1920x1080.jpg
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2001/07/13 07:04:00 | 000,253,952 | ---- | M] () -- C:\WINDOWS\Jasc Media Center Plus.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/09/24 11:16:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/09/24 11:16:52 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/09/24 11:16:52 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/09/24 18:30:23 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/29 04:58:42 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/09/29 04:58:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/29 04:58:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/24 17:11:42 | 000,012,282 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    FilterPro Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/10/29 22:51:00 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 18:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/04/14 05:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2008/04/14 05:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1995/08/02 06:02:00 | 000,399,984 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW16.EXE
    [1998/06/17 06:40:00 | 000,406,016 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW32.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "UseWUServer" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  8. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Extras.txt Part 1:
    OTL Extras logfile created on: 10/29/2011 10:53:12 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.43 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 92.29% Memory free
    7.27 Gb Paging File | 7.20 Gb Available in Paging File | 99.09% Paging File free
    Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.66 Gb Total Space | 68.89 Gb Free Space | 61.70% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 150.13 Gb Free Space | 32.23% Space Free | Partition Type: NTFS
    Drive E: | 7.44 Gb Total Space | 7.44 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive R: | 931.51 Gb Total Space | 324.45 Gb Free Space | 34.83% Space Free | Partition Type: NTFS

    Computer Name: RWOLF01 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 1
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
    "%ProgramFiles%\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger" = %ProgramFiles%\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger
    "%ProgramFiles%\Nortel Networks\Extranet.exe:*:enabled:Nortel VPN Client" = %ProgramFiles%\Nortel Networks\Extranet.exe:*:enabled:Nortel VPN Client
    "%ProgramFiles%\SAP\FrontEnd\saplgpad.exe:*:enabled:SAP AG, Walldorf" = %ProgramFiles%\SAP\FrontEnd\saplgpad.exe:*:enabled:SAP AG, Walldorf

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "Enabled" = 1
    "AllowUserPrefMerge" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
    "135:TCP:*:enabled:Offer Remote Assistance TCP Port" = 135:TCP:*:enabled:Offer Remote Assistance TCP Port

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
    "Enabled" = 1
    "RemoteAddresses" = *

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
    "Enabled" = 1
    "RemoteAddresses" = *

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" = *

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "35205:TCP" = 35205:TCP:*:Enabled:Trend Micro OfficeScan Listener

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "35205:TCP" = 35205:TCP:*:Enabled:Trend Micro OfficeScan Listener
    "3622:UDP" = 3622:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
    "3623:UDP" = 3623:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

    ========== Authorized Applications List ==========
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Why?
     
  10. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Sorry, your system won't let me cut & paste the contents of extras.txt...

    I get error messages like:

    1.You have included 53 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

    Images include use of smilies, the BB code tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator.


    and/or that I have pasted more than 50000 characters.

    Can I email or attach the file?
     
  11. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    I ran OTL in safe mode because I can't disable TrendMicro when operating normally and I didn't want them to interact in some way. (I'm a contractor and the IT people at one of my clients insisted on installing it before giving me access to their network.)
     
  12. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Here are the full contents of OTL's "extras.txt" as an attachment.

    (Sorry about the zip. The forum has a 200k limit on txt files.)

    Best Regards,

    Ralph
     


  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I'll need OTL.txt from normal mode.
     
  14. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    I understand. Standby...
     
  15. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Here you go. Sorry for being dense. I was looking where the light is good instead of where I lost the money....

    >> 1.The text that you have entered is too long (62934 characters). Please shorten it to 50000 characters long.

    See attachment.

    - Rwolf
     


  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You have to split it between two replies :)
     
  17. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Did you ever see "Brazil"? ("You have to say the number!") :)

    ======================
    OTLnormalmode.txt part 1:


    OTL logfile created on: 10/30/2011 10:47:00 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rwolf\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.43 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 82.07% Memory free
    7.25 Gb Paging File | 6.79 Gb Available in Paging File | 93.66% Paging File free
    Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.66 Gb Total Space | 68.79 Gb Free Space | 61.61% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 150.11 Gb Free Space | 32.23% Space Free | Partition Type: NTFS
    Drive E: | 7.44 Gb Total Space | 7.44 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive R: | 931.51 Gb Total Space | 324.45 Gb Free Space | 34.83% Space Free | Partition Type: NTFS

    Computer Name: RWOLF01 | User Name: rwolf | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe
    PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2011/02/22 16:55:10 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    PRC - [2010/12/03 17:20:12 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\nuggets(migrate-to-D-drive)\PureText\PureText.exe
    PRC - [2010/11/15 13:32:46 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2010/07/28 12:45:12 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/07/23 13:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    PRC - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2010/07/19 17:38:32 | 000,364,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
    PRC - [2010/07/19 17:37:18 | 001,400,832 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    PRC - [2010/07/19 17:34:02 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    PRC - [2010/07/19 17:26:06 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    PRC - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2010/06/01 14:47:38 | 000,090,112 | ---- | M] (Scalable Software, Inc.) -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe
    PRC - [2010/05/18 23:42:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2010/05/18 23:42:02 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2010/02/05 18:01:00 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
    PRC - [2010/02/02 18:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
    PRC - [2010/02/02 18:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
    PRC - [2010/01/07 12:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
    PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
    PRC - [2009/07/07 02:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
    PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/07/28 12:45:12 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010/03/23 14:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
    MOD - [2001/08/17 22:36:16 | 000,089,088 | ---- | M] () -- C:\WINDOWS\system32\hpgt33.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
    SRV - [2010/11/15 13:32:46 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2010/07/23 13:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2010/07/19 17:38:32 | 000,364,544 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2010/07/19 17:34:02 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2010/06/01 14:47:38 | 000,503,808 | ---- | M] (Scalable Software, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SCInstallerNT.exe -- (SSI Client Installer)
    SRV - [2010/06/01 14:47:38 | 000,090,112 | ---- | M] (Scalable Software, Inc.) [Auto | Running] -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe -- (SSI Survey Client)
    SRV - [2010/05/18 23:42:02 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010/02/02 18:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Unknown | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
    SRV - [2010/02/02 18:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Unknown | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
    SRV - [2010/01/07 12:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [Unknown | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
    SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2004/12/20 09:47:32 | 000,724,992 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\r_server.exe -- (r_server)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
    DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
    DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
    DRV - [2010/11/15 13:19:12 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
    DRV - [2010/07/23 13:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/07/23 13:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/07/23 13:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/07/20 03:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2010/07/20 03:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV - [2010/07/20 03:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV - [2010/07/14 04:34:00 | 006,650,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel(R)
    DRV - [2010/07/09 10:41:42 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
    DRV - [2010/07/09 10:41:34 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stdcfltn.sys -- (stdcfltn)
    DRV - [2010/06/21 21:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2010/05/19 22:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2010/05/18 23:42:02 | 001,660,691 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2010/04/06 00:35:56 | 000,168,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
    DRV - [2010/03/23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2010/03/19 16:39:08 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
    DRV - [2010/02/26 23:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
    DRV - [2010/02/23 13:39:56 | 000,054,048 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBUL32.sys -- (CBUL32)
    DRV - [2010/01/19 12:50:12 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2010/01/07 09:43:04 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2009/10/22 08:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2009/10/22 08:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/04/08 17:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
    DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/09/13 09:52:18 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2007/09/13 09:51:58 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2007/09/13 09:51:58 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 02:08:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 03:26:18 | 000,000,000 | ---D | M]

    [2010/11/17 02:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rwolf\Application Data\Mozilla\Extensions
    [2010/11/17 02:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rwolf\Application Data\Mozilla\Firefox\Profiles\xlw1tb4u.default\extensions
    [2010/11/17 02:14:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rwolf\Application Data\Mozilla\Firefox\Profiles\xlw1tb4u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/10/18 16:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/17 02:18:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/27 01:15:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/20 07:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/18 11:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/10/18 16:55:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2010/11/17 02:17:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/10/25 02:14:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IEBrowserHelperObject Class) - {86EA4148-BEE6-4CEE-A72F-DA27A5112BD1} - C:\WINDOWS\system32\ssibrowserhook5.dll (Scalable Software, Inc.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\.DEFAULT..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
    O4 - HKU\S-1-5-18..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
    O4 - HKU\S-1-5-21-1668661-46489196-359291519-174450..\Run: [\\192.168.0.129\EPSON WF1100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFEA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-1668661-46489196-359291519-174450..\Run: [\\rwolf00\EPSON WF1100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFEA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-1668661-46489196-359291519-174450..\Run: [PureText] C:\nuggets(migrate-to-D-drive)\PureText\PureText.exe (http://www.SteveMiller.net)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
    O4 - Startup: C:\Documents and Settings\Ralph Wolf\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablelockworkstation = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Policies\Microsoft\Internet Explorer\Persistence present
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
    O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablelockworkstation = 1
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: digikey.com ([ordering] https in Trusted sites)
    O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285381672593 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1285389881531 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adcorp.kla-tencor.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{175E30C5-8C70-49C8-9A9C-2F57092E95E5}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56EB5E61-440E-47A0-AF68-4ADD7964AB14}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\rwolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\rwolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/09/24 18:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,221 | R--- | M] () - C:\autoinstall.bat -- [ NTFS ]
    O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,164 | R--- | M] () - C:\autoinstalld.bat -- [ NTFS ]
    O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,532 | R--- | M] () - C:\AutomateTest.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/30 10:46:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe
    [2011/10/28 11:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP PrecisionScan LT Software
    [2011/10/28 11:37:18 | 000,081,920 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\HP3300T.dll
    [2011/10/28 11:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2011/10/28 11:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\WINDOWS
    [2011/10/28 11:36:23 | 000,000,000 | ---D | C] -- C:\sj650
    [2011/10/25 02:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/25 02:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/10/25 02:09:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/10/25 01:57:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/10/25 01:57:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/10/25 01:57:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/10/25 01:57:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/10/22 22:33:27 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/10/22 22:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2011/10/18 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/10/05 11:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\Application Data\webex
    [2011/10/05 11:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\My Documents\WebEx
    [2011/10/05 11:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
    [2011/10/03 02:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\My Documents\NewBlueFX
    [2011/10/03 02:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/10/03 01:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartSound
    [2011/10/03 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
    [2011/10/03 01:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/09/24 19:09:15 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/30 10:44:06 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
    [2011/10/30 10:25:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/30 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
    [2011/10/30 00:05:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2011/10/30 00:05:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/30 00:05:44 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/29 23:56:36 | 000,449,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/29 23:56:36 | 000,073,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/29 23:52:46 | 000,000,463 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
    [2011/10/29 23:52:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/29 14:40:35 | 000,003,572 | RHS- | M] () -- C:\Documents and Settings\rwolf\ntuser.pol
    [2011/10/28 11:45:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
    [2011/10/27 13:40:07 | 000,018,072 | ---- | M] () -- C:\WINDOWS\cfgall.ini
    [2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe
    [2011/10/25 02:14:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2011/10/24 17:11:42 | 000,012,282 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/10/22 22:33:26 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/10/21 16:33:30 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\rwolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/18 21:45:00 | 000,009,644 | ---- | M] () -- C:\Documents and Settings\rwolf\Desktop\R6357_TransitTimeModel.gif
    [2011/10/10 12:43:13 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/03 02:14:25 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\rwolf\My Documents\tempFolderPath.dat
    [2011/10/03 01:53:17 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 10.lnk
    [2011/10/03 00:37:12 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 10.lnk
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
  18. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    OTLnormalmode.txt part 2:

    ========== Files Created - No Company Name ==========

    [2011/10/28 11:42:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
    [2011/10/28 11:42:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2011/10/28 11:37:20 | 000,001,080 | ---- | C] () -- C:\WINDOWS\AUTOLNCH.REG
    [2011/10/28 11:37:18 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2011/10/28 11:37:18 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2011/10/25 02:09:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/10/25 02:09:38 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2011/10/25 01:57:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/10/25 01:57:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/10/25 01:57:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/10/25 01:57:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/10/25 01:57:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/10/19 01:05:59 | 000,009,644 | ---- | C] () -- C:\Documents and Settings\rwolf\Desktop\R6357_TransitTimeModel.gif
    [2011/10/03 02:14:25 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\rwolf\My Documents\tempFolderPath.dat
    [2011/10/03 01:53:17 | 000,002,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Elements 10.lnk
    [2011/10/03 01:53:17 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 10.lnk
    [2011/10/03 01:05:10 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
    [2011/10/03 00:48:24 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
    [2011/10/03 00:37:12 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
    [2011/10/03 00:37:12 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 10.lnk
    [2011/09/19 19:02:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2011/07/10 23:17:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
    [2011/07/07 16:14:56 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
    [2011/03/29 01:29:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/01/02 09:43:06 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\rwolf\Application Data\$_hpcst$.hpc
    [2010/12/26 20:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2010/12/26 20:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2010/12/26 19:27:40 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\rwolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/11 00:19:26 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
    [2010/11/17 19:54:06 | 000,724,992 | ---- | C] () -- C:\WINDOWS\System32\r_server.exe
    [2010/11/17 02:08:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/11/08 03:43:11 | 000,162,783 | ---- | C] () -- C:\WINDOWS\FilterPro Uninstaller.exe
    [2010/11/02 13:59:44 | 000,000,463 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
    [2010/10/15 01:03:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inscal32.INI
    [2010/10/15 00:27:26 | 000,054,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBUL32.sys
    [2010/09/29 10:43:40 | 000,018,072 | ---- | C] () -- C:\WINDOWS\cfgall.ini
    [2010/09/27 19:12:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
    [2010/09/27 19:12:41 | 000,006,472 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
    [2010/09/26 16:27:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\capture.INI
    [2010/09/25 11:10:06 | 002,146,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/09/25 01:11:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/09/24 20:40:09 | 000,000,866 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/09/24 19:09:15 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
    [2010/09/24 19:09:15 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
    [2010/09/24 19:09:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2010/09/24 18:32:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/09/24 18:28:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/09/24 11:18:37 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/09/24 11:17:46 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/23 14:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2010/03/23 14:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 05:00:00 | 000,449,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 05:00:00 | 000,073,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/04/15 09:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/04/15 09:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/11/15 15:26:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\USBCtrl.dll
    [2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
    [2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
    [2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
    [2001/11/16 23:28:34 | 000,225,402 | ---- | C] () -- C:\WINDOWS\System32\CWtoVision.dll
    [2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
    [2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
    [1998/08/05 22:01:06 | 000,823,296 | ---- | C] () -- C:\WINDOWS\System32\Nsppx.dll
    [1998/08/05 22:01:04 | 000,829,952 | ---- | C] () -- C:\WINDOWS\System32\Nspp5.dll
    [1998/08/05 22:01:04 | 000,811,520 | ---- | C] () -- C:\WINDOWS\System32\Nspp6.dll
    [1998/08/05 22:01:02 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\Nspp4.dll
    [1998/08/05 22:01:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\Nspm5.dll
    [1998/08/05 22:01:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Nsp.dll
    [1998/08/05 22:00:50 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\Cpuid32.dll
    [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

    ========== LOP Check ==========

    [2011/02/03 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
    [2010/09/24 21:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/09/26 16:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/12/11 03:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
    [2011/10/03 02:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/01/02 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2010/12/11 00:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Scalable Software
    [2011/10/03 01:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2011/08/17 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Arduino
    [2011/10/25 02:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/12/04 00:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Mikron
    [2010/12/26 20:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Opera
    [2011/08/17 02:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\PyScripter
    [2011/01/02 09:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Samsung
    [2011/01/02 16:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\V-Planner
    [2011/10/05 11:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\webex

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/10/23 02:10:10 | 000,000,220 | ---- | M] () -- C:\aaw7boot.log
    [2010/09/26 16:56:40 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2011/08/14 16:50:42 | 000,003,356 | R--- | M] () -- C:\AITidlcompiler.bat
    [2010/09/24 18:30:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/08/14 16:50:42 | 000,000,221 | R--- | M] () -- C:\autoinstall.bat
    [2011/08/14 16:50:42 | 000,000,164 | R--- | M] () -- C:\autoinstalld.bat
    [2011/08/14 16:50:42 | 000,000,532 | R--- | M] () -- C:\AutomateTest.bat
    [2010/11/09 00:59:23 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2011/08/14 16:50:43 | 000,176,212 | R--- | M] () -- C:\Build.exe
    [2011/08/14 16:50:43 | 000,155,700 | R--- | M] () -- C:\Build63spack.exe
    [2011/08/14 16:50:44 | 000,155,706 | R--- | M] () -- C:\Build63SPack_56.exe
    [2011/08/14 16:50:47 | 000,016,664 | R--- | M] () -- C:\builddiag.bat
    [2011/08/14 16:50:48 | 000,003,372 | R--- | M] () -- C:\Builder.bat
    [2011/08/14 16:50:49 | 000,176,212 | R--- | M] () -- C:\Buildnew.exe
    [2011/08/14 16:50:50 | 000,176,212 | R--- | M] () -- C:\BuildSP2_010207.exe
    [2011/08/14 16:50:52 | 000,176,212 | R--- | M] () -- C:\Buildsp2_021407.exe
    [2011/08/14 16:50:44 | 000,025,682 | R--- | M] () -- C:\Build_63spack.bat
    [2011/08/14 16:50:45 | 000,025,186 | R--- | M] () -- C:\Build_63spack022406.bat
    [2011/08/14 16:50:45 | 000,025,617 | R--- | M] () -- C:\Build_63spack56.bat
    [2011/08/14 16:50:45 | 000,025,687 | R--- | M] () -- C:\Build_63spack56_test.bat
    [2011/08/14 16:50:45 | 000,025,186 | R--- | M] () -- C:\Build_63spack_01052006.bat
    [2011/08/14 16:50:45 | 000,025,730 | R--- | M] () -- C:\Build_63spack_020106.bat
    [2011/08/14 16:50:46 | 000,024,842 | R--- | M] () -- C:\Build_63spack_11152005.bat
    [2011/08/14 16:50:46 | 000,023,709 | R--- | M] () -- C:\Build_63spack_826.bat
    [2011/08/14 16:50:46 | 000,024,631 | R--- | M] () -- C:\Build_63spack_913.bat
    [2011/08/14 16:50:46 | 000,024,844 | R--- | M] () -- C:\Build_63spack_926.bat
    [2011/08/14 16:50:47 | 000,025,523 | R--- | M] () -- C:\Build_63spack_non56.bat
    [2011/08/14 16:50:47 | 000,024,708 | R--- | M] () -- C:\Build_63spack_test.bat
    [2011/08/14 16:50:47 | 000,021,216 | R--- | M] () -- C:\Build_63spack_vss.bat
    [2011/08/14 16:50:47 | 000,023,276 | R--- | M] () -- C:\Build_63spack_withIC.bat
    [2011/08/14 16:50:52 | 000,000,467 | R--- | M] () -- C:\bumpver.bat
    [2011/08/14 16:50:52 | 000,018,432 | R--- | M] () -- C:\Bumpver.exe
    [2010/09/26 02:05:41 | 000,175,120 | ---- | M] () -- C:\C2C.log
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/10/25 02:22:58 | 000,037,497 | ---- | M] () -- C:\ComboFix.txt
    [2010/09/24 18:30:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/08/14 16:50:53 | 000,000,520 | R--- | M] () -- C:\convertAllModels.bat
    [2011/08/14 16:50:53 | 000,025,698 | R--- | M] () -- C:\Copy (2) of Build_63spack.bat
    [2011/08/14 16:50:53 | 000,025,333 | R--- | M] () -- C:\Copy of Build_63spack_non56.bat
    [2011/08/14 16:50:54 | 000,001,428 | R--- | M] () -- C:\copyfile.bat
    [2011/08/14 16:50:54 | 000,004,521 | R--- | M] () -- C:\copyreg.bat
    [2011/08/14 16:50:55 | 000,105,984 | R--- | M] () -- C:\ctm.exe
    [2011/08/14 16:50:55 | 000,043,008 | R--- | M] () -- C:\dbwrite.exe
    [2011/08/14 16:50:56 | 000,011,111 | R--- | M] () -- C:\DELTREE.EXE
    [2011/08/14 16:50:56 | 000,001,528 | R--- | M] () -- C:\Endmail.pl
    [2011/08/14 16:50:57 | 000,107,520 | R--- | M] () -- C:\filePoller.exe
    [2010/09/24 19:25:26 | 000,000,968 | ---- | M] () -- C:\freefallprotection.log
    [2011/08/14 16:50:57 | 000,020,566 | R--- | M] () -- C:\gtAllCur.bat
    [2011/08/14 16:50:58 | 000,018,472 | R--- | M] () -- C:\gtAllCur021407.bat
    [2011/08/14 16:50:58 | 000,011,940 | R--- | M] () -- C:\gtAllCur_old.bat
    [2011/08/14 16:50:58 | 000,005,871 | R--- | M] () -- C:\gtAllCur_withIC.bat
    [2011/08/14 16:50:59 | 000,003,656 | R--- | M] () -- C:\gtAllLab.bat
    [2011/08/14 16:50:59 | 000,000,550 | R--- | M] () -- C:\gtModCur.bat
    [2011/08/14 16:50:59 | 000,000,660 | R--- | M] () -- C:\gtModLab.bat
    [2011/08/14 16:50:59 | 000,001,764 | R--- | M] () -- C:\gtOneCur.bat
    [2011/08/14 16:51:00 | 000,001,762 | R--- | M] () -- C:\gtOneLab.bat
    [2010/09/24 18:30:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/05/16 16:15:43 | 000,018,998 | ---- | M] () -- C:\jresetup.log
    [2011/08/14 16:51:00 | 000,000,645 | R--- | M] () -- C:\LabAllGd.bat
    [2011/08/14 16:51:00 | 000,000,337 | R--- | M] () -- C:\LabGood.bat
    [2011/08/14 16:51:01 | 000,036,864 | R--- | M] () -- C:\ListViewer.exe
    [2011/08/14 16:51:01 | 000,054,384 | R--- | M] () -- C:\makefile.def
    [2011/08/14 16:51:01 | 000,001,434 | R--- | M] () -- C:\MakeJobManager.bat
    [2011/08/14 16:51:02 | 000,004,561 | R--- | M] () -- C:\MakeLeafCode.bat
    [2011/08/14 16:51:02 | 000,004,311 | R--- | M] () -- C:\MakeLeafCode_add_iADC.bat
    [2011/08/14 16:51:02 | 000,001,293 | R--- | M] () -- C:\Makeone.bat
    [2011/08/14 16:51:03 | 000,058,880 | R--- | M] () -- C:\makerpt.exe
    [2010/09/24 18:30:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/08/14 16:51:03 | 000,000,054 | R--- | M] () -- C:\nmd.cmd
    [2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/08/14 16:51:05 | 000,172,089 | R--- | M] () -- C:\osversion.exe
    [2011/10/29 23:52:14 | 4278,190,080 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/14 16:51:05 | 000,001,465 | R--- | M] () -- C:\postBuild.bat
    [2011/08/14 16:51:05 | 000,000,452 | R--- | M] () -- C:\PSM.BAT
    [2011/08/20 00:58:49 | 000,001,074 | ---- | M] () -- C:\pspbrwse.jbf
    [2011/03/28 02:58:51 | 000,000,057 | ---- | M] () -- C:\RadminLogfile.txt
    [2011/08/14 16:51:07 | 000,229,439 | R--- | M] () -- C:\ReArrangeFiles.exe
    [2011/08/14 16:51:07 | 000,000,525 | R--- | M] () -- C:\setall.bat
    [2011/08/14 16:51:07 | 000,000,287 | R--- | M] () -- C:\setlabel.bat
    [2011/08/14 16:51:08 | 000,000,628 | R--- | M] () -- C:\settings.bat
    [2011/08/14 16:51:14 | 001,099,264 | R--- | M] () -- C:\SetUpSuperMake.doc
    [2011/08/14 16:51:15 | 000,000,128 | R--- | M] () -- C:\SetVCC.bat
    [2011/08/14 16:51:15 | 000,000,608 | R--- | M] () -- C:\SimpleBuild.bat
    [2011/08/14 16:51:15 | 000,020,429 | R--- | M] () -- C:\Sm.bat
    [2011/08/14 16:51:16 | 000,019,807 | R--- | M] () -- C:\Sm011707.bat
    [2011/08/14 16:51:16 | 000,000,257 | R--- | M] () -- C:\SmConfig.db
    [2011/08/14 16:51:17 | 000,019,682 | R--- | M] () -- C:\SmModels.bat
    [2011/08/14 16:51:17 | 000,001,680 | R--- | M] () -- C:\smsettings.bat
    [2011/08/14 16:51:16 | 000,017,768 | R--- | M] () -- C:\Sm_org.bat
    [2011/08/14 16:51:17 | 000,000,777 | R--- | M] () -- C:\startmail.pl
    [2011/08/14 16:51:18 | 000,105,984 | R--- | M] () -- C:\stm.exe
    [2011/10/28 11:48:54 | 000,000,495 | ---- | M] () -- C:\stub.log
    [2011/08/14 16:51:18 | 000,000,551 | R--- | M] () -- C:\supermake.ini
    [2011/10/24 11:14:45 | 000,017,137 | ---- | M] () -- C:\SystemLog.txt
    [2010/12/22 00:54:17 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
    [2011/08/14 16:51:19 | 000,113,664 | R--- | M] () -- C:\vercheck.exe
    [2011/08/14 16:51:19 | 000,000,225 | R--- | M] () -- C:\VERSION.RC2
    [2011/08/14 16:51:20 | 000,001,296 | ---- | M] () -- C:\vssver.scc
    [2011/08/14 16:51:20 | 000,002,003 | R--- | M] () -- C:\WriteStatus.bat

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/09/24 18:30:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2010/07/06 01:12:31 | 000,986,772 | ---- | M] () -- C:\WINDOWS\WhaleShark1920x1080.jpg
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2001/07/13 07:04:00 | 000,253,952 | ---- | M] () -- C:\WINDOWS\Jasc Media Center Plus.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/09/24 11:16:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/09/24 11:16:52 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/09/24 11:16:52 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/09/24 18:30:23 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/28 16:08:54 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\rwolf\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/09/28 16:08:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\rwolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/08/13 22:32:20 | 011,561,000 | ---- | M] () -- C:\Documents and Settings\rwolf\My Documents\DELL_MULTI-TOUCH-TOUCHPAD_A08_R298889.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/28 16:08:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\rwolf\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/24 17:11:42 | 000,012,282 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    FilterPro Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/10/30 09:45:59 | 000,458,752 | -HS- | M] () -- C:\Documents and Settings\rwolf\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 18:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/04/14 05:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2008/04/14 05:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1995/08/02 06:02:00 | 000,399,984 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW16.EXE
    [1998/06/17 06:40:00 | 000,406,016 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW32.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "UseWUServer" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    What?.....LOL

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
      O4 - HKU\.DEFAULT..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
      O4 - HKU\S-1-5-18..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
      O15 - HKLM\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
      O15 - HKLM\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
      O15 - HKLM\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: digikey.com ([ordering] https in Trusted sites)
      O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
      O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
      O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
      "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  20. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    A strange but brilliant film from the 80s about technology and society run amok.

    One of the many sub-plots is that nothing works like it is supposed to and the heroes who keep the system from collapsing are officially outlaws and troublemakers.

    Harry Tuttle, the most wanted man in the country, is a heating engineer who has gone rogue.

    Here he is doing a house call.... http://www.youtube.com/watch?v=eosrujtjJHA

    Back in a few minutes with scan results....
     
  21. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    You need to know that I foolishly started this while several other programs were still running, including a VPN and Outlook.

    It spent a long time with just a blank desktop and a mouse. The mouse moved but it did not respond to Ctrl-Alt-Del. Eventually it did shut down on its own.

    Hopefully it ran correctly, despite my blunder, but I thought you should know.

    Here is the OTL log generated after reboot:

    All processes killed
    ========== OTL ==========
    Service vsdatant stopped successfully!
    Service vsdatant deleted successfully!
    C:\WINDOWS\system32\vsdatant.sys moved successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD299682678 deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD299682678 not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\digikey.com\ordering\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Ralph Wolf
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: rwolf
    ->Temp folder emptied: 26965810 bytes
    ->Temporary Internet Files folder emptied: 217691255 bytes
    ->Java cache emptied: 183003 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 78722 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 584192 bytes

    Total Files Cleaned = 234.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Ralph Wolf
    ->Flash cache emptied: 0 bytes

    User: rwolf
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 10302011_120510

    Files\Folders moved on Reboot...
    C:\Documents and Settings\rwolf\Local Settings\Temp\ExchangePerflog_8484fa314ef77338dcd6c672.dat moved successfully.
    File\Folder C:\Documents and Settings\rwolf\Local Settings\Temp\flaCF.tmp not found!
    File\Folder C:\Documents and Settings\rwolf\Local Settings\Temp\pptCE.tmp not found!
    C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.Word\~WRF{42DC9A95-9B08-4F3E-BAF9-9E200AF25E5D}.tmp moved successfully.
    C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.Word\~WRS{AFFB0644-D781-460F-8374-E2AD81C35C17}.tmp moved successfully.
    C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.Word\~WRS{BF0A9526-60D5-4909-A6D4-A6C0104D6392}.tmp moved successfully.
    C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.Word\~WRS{CB87424D-C451-422B-832B-8B9D1CAB29F1}.tmp moved successfully.
    File\Folder C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.MSO\msoC9.tmp not found!
    File\Folder C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.MSO\msoCA.tmp not found!
    File\Folder C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.MSO\msoCB.tmp not found!
    File\Folder C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.MSO\msoCC.tmp not found!
    C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.IE5\ZQ01MAMQ\topic172485[1].html moved successfully.
    File move failed. C:\WINDOWS\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    Go on....

    I think I've seen that movie a long time ago.
     
  23. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    M'kay. TrendMicro blocked Security Check, so I bounced to Safe Mode to download it.
    Running in normal mode...
    checkup.txt:
    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    ESET Online Scanner v3
    Trend Micro OfficeScan Client
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 29
    Java(TM) 6 Update 23
    Out of date Java installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Trend Micro OfficeScan Client pccntmon.exe
    Trend Micro OfficeScan Client ntrtscan.exe
    Trend Micro OfficeScan Client tmlisten.exe
    Trend Micro OfficeScan Client TmProxy.exe
    Trend Micro OfficeScan Client CNTAoSMgr.exe
    Trend Micro BM TMBMSRV.exe
    ``````````End of Log````````````
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Uninstall Java(TM) 6 Update 23
     
  25. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    old Java is gone.
    TFC is done.
    ESET says "No Threats Found."
     
