Solved Virus opening URL and redirecting browser

Nestle82 · Jan 24, 2012

Hope I am posting this correctly.

Trend Micro blocks restricted URLs from opening every couple of minutes even when not Internet.
It appears that the virus is attempting to redirect web pages to another site. Trend micro is stopping the redirect and the browser either refreshes the web page or closes the browser. This happens in both Internet Explorer and Firefox.

My anti-virus reports this every time I perform a scan.
Anti-Virus: Trend Micro Worry-Free Business Security
File Name: mrxsmb.sys
Threat: TROJ_GEN.R37C8AG
Path: C:\WINDOWS\system32\drivers

Note: I do not have the ability to disable Trend Micro at this point. I would have to get a password from the network administrator to do this.

Mbam log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Robin :: ENG2 [administrator]

1/24/2012 2:36:24 PM
mbam-log-2012-01-24 (14-36-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242629
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

//----------------------------------------------------------------------------------------------------------------------------------

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-24 16:10:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 WDC_WD16 rev.01.0
Running: dvqeeojy.exe; Driver: C:\DOCUME~1\ROBIN~1.APP\LOCALS~1\Temp\ugtdapow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

//-----------------------------------------------------------------------------------------

DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Robin at 16:12:51 on 2012-01-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1412 [GMT -5:00]
.
AV: Trend Micro Security Agent *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://serverpdc:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://serverpdc:4343/officescan/console/ClientInstall/setup.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259762057906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259762048703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://serverpdc:4343/SMB/console/html/root/AtxEnc.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
TCP: Interfaces\{640B1B98-63B5-4FA3-A1D3-72037481984A} : DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\client server security agent\uiframework\ProToolbarIMRatingActiveX.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robin.appliedin\application data\mozilla\firefox\profiles\thh1rt9x.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-4-28 120832]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-5-17 196320]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [2006-6-15 191488]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-25 47640]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [2009-10-16 28080]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-5-17 65296]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2009-10-16 9984]
R3 Dta1xx;Dta1xx;c:\windows\system32\drivers\Dta1xx.sys [2010-5-20 103448]
R3 MCHPUSB;MCHPUSB;c:\windows\system32\drivers\mchpusb.sys [2009-9-3 61440]
R3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys [2006-3-27 105472]
S1 CEC488;CEC488;c:\windows\system32\drivers\CEC488.sys [2006-6-15 11264]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files\roxio\backontrack\file backup\FileBackupSVC.exe [2008-2-12 76272]
S3 DirectIO;DirectIO;c:\windows\system32\drivers\DirectIO.sys [2008-12-15 3408]
S3 GP8PSK;Genpix USB Driver (3.4.0.110);c:\windows\system32\drivers\genpix.sys [2011-8-9 38400]
S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [2011-12-5 14208]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-7-18 1120752]
S3 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-7-18 166384]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-7-18 309744]
.
=============== Created Last 30 ================
.
2012-01-24 20:48:57 -------- d-----w- c:\documents and settings\robin.appliedin\local settings\application data\Temp
2012-01-24 17:27:08 -------- d-----w- c:\documents and settings\robin.appliedin\application data\IAR Embedded Workbench
2012-01-24 16:16:26 -------- d-----w- c:\program files\CCleaner
2012-01-23 23:08:19 -------- d-----w- c:\documents and settings\robin.appliedin\application data\Malwarebytes
2012-01-23 23:02:52 -------- d-----w- c:\documents and settings\robin.appliedin\local settings\application data\Plugins
2012-01-23 23:02:49 -------- d-----w- c:\documents and settings\robin.appliedin\application data\Processor Expert
2012-01-23 23:02:48 -------- d-----w- c:\documents and settings\robin.appliedin\local settings\application data\Metrowerks
2012-01-23 22:55:47 -------- d-----w- c:\documents and settings\robin.appliedin\local settings\application data\Mozilla
2012-01-23 22:52:43 -------- d-sh--w- c:\documents and settings\robin.appliedin\IECompatCache
2012-01-23 22:47:02 -------- d-sh--w- c:\documents and settings\robin.appliedin\PrivacIE
2012-01-23 22:38:47 -------- d-----w- c:\documents and settings\robin.appliedin\workspace
2012-01-23 22:38:47 -------- d-----w- c:\documents and settings\robin.appliedin\WINDOWS
2012-01-23 22:33:32 -------- d-----w- c:\documents and settings\robin.appliedin\AppVerifierLogs
2012-01-23 18:24:17 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-23 18:24:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-20 22:39:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-20 22:39:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 22:39:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-20 15:34:20 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-19 21:57:12 11264 ----a-w- c:\windows\DCEBoot.exe
2012-01-19 19:12:48 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-01-19 19:06:06 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-19 19:06:06 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-19 19:06:06 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-19 19:06:06 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-13 15:33:07 -------- d-----w- C:\FlashUpdate
2012-01-12 23:43:10 35328 ----a-w- c:\windows\system32\drivers\SNTNLUSB.SYS
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-24 17:31:15 73 ----a-w- c:\windows\system32\ssprs.dll
2012-01-24 17:31:14 341 ----a-w- c:\windows\system32\lsprst7.dll
2011-12-05 21:26:51 14208 ----a-w- c:\windows\system32\drivers\jlink.sys
2011-12-02 17:49:00 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-12-02 17:33:04 1024 ----a-w- c:\windows\system32\clauth2.dll
2011-12-02 17:33:04 1024 ----a-w- c:\windows\system32\clauth1.dll
2011-12-02 17:33:04 0 ----a-w- c:\windows\system32\serauth2.dll
2011-12-02 17:33:04 0 ----a-w- c:\windows\system32\serauth1.dll
2011-12-02 17:33:04 0 ----a-w- c:\windows\system32\nsprs.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 15:25:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-09 21:22:26 59 --sha-w- c:\windows\WINPROD.DLL
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 16:13:19.01 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2009 7:37:43 AM
System Uptime: 1/24/2012 2:53:38 PM (2 hours ago)
.
Motherboard: MSI | | MS-7309
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | CPU 1 | 2310/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 129 GiB total, 104.888 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 16.122 GiB free.
E: is CDROM ()
F: is NetworkDisk (NTFS) - 382 GiB total, 344.958 GiB free.
J: is NetworkDisk (NTFS) - 98 GiB total, 9.324 GiB free.
L: is NetworkDisk (NTFS) - 382 GiB total, 344.958 GiB free.
M: is NetworkDisk (NTFS) - 98 GiB total, 9.324 GiB free.
N: is NetworkDisk (NTFS) - 382 GiB total, 344.958 GiB free.
V: is NetworkDisk (NTFS) - 98 GiB total, 9.324 GiB free.
W: is NetworkDisk (NTFS) - 382 GiB total, 344.958 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Broadband Studio 2
Broadband Studio 2 Bcm94506 PlugIn
Broadband Studio 3
Broadband Studio 3 - Bcm94506
Business Contact Manager for Outlook 2007 SP2
CCleaner
CodeWarrior Development Studio for Microcontrollers V6.2
DVB Dream version 1.5f
GPIB-488 version 2.0
Hardlock Device Drivers
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB971091)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IAR Embedded Workbench for ARM 5.40
Internet Explorer (Enable DEP)
Ipswitch WS_FTP 12
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.60.0.1800
Mentor Graphics Products
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Document Explorer 2008
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Script Debugger
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Windows Theme Nunavut
Microsoft WinUsb 1.0
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NVIDIA Drivers
OGA Notifier 2.0.0048.0
P&E Cyclone Pro Programmer
P&E Device Drivers
PEMICRO Demo QE Toolkit
QBridge Control Center
Radioshack USB-to-Serial cable
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio Creator XE
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel Protection Installer 7.3.0
Sentinel System Driver
Sentinel System Driver Installer 7.4.2
Sonic CinePlayer Decoder Pack
StreamXpress Stream Player (DTC-300)
Total Phase USB Driver v2.01
Trend Micro Worry-Free Business Security Agent
TSReader Lite 2.8.46g
TunerTalk
TVicPort 4.1 Free Personal Edition
UC-232A USB-to-Serial
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972221)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Valon Technology, LLC 5007 Config Mgr - Admin Version 1.2.4
VLC media player 1.1.11
WebFldrs XP
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - Segger (jlink) USB (01/09/2007 2.6.5.0)
Windows Driver Package - SofTec Microsystems (sft02) SofTecUSBDevices (02/07/2007 2.40.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
1/23/2012 10:45:46 AM, error: PlugPlayManager [12] - The device 'NIPALK' (Root\LEGACY_NIPALK\0000) disappeared from the system without first being prepared for removal.
1/23/2012 1:03:21 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
1/20/2012 10:22:04 AM, error: nvgts [9] - The device, \Device\Scsi\nvgts1, did not respond within the timeout period.
1/20/2012 10:22:04 AM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts1.
1/19/2012 8:09:55 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/19/2012 5:16:46 PM, error: NETLOGON [5719] - No Domain Controller is available for domain APPLIEDIN due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/19/2012 2:41:39 PM, error: NETLOGON [5719] - No Domain Controller is available for domain APPLIEDIN due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/19/2012 2:30:42 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Broni · Jan 24, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

I do not have the ability to disable Trend Micro at this point. I would have to get a password from the network administrator to do this.

If this is work computer do so and obtain a permission to work on this machine.

When done...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==========================================================

Download Bootkit Remover to your Desktop.

Unzip downloaded file to your Desktop.
Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

Nestle82 · Jan 24, 2012

Next Step

I can now turn off my Trend Micro anti virus if needed.

Here are the scan results:

-----------------------------------------------------------------------------
aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-24 16:40:56
-----------------------------
16:40:56.015 OS Version: Windows 5.1.2600 Service Pack 3
16:40:56.015 Number of processors: 2 586 0x6B02
16:40:56.015 ComputerName: ENG2 UserName:
16:40:56.781 Initialize success
16:42:09.421 AVAST engine defs: 12012400
16:42:23.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
16:42:23.640 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 1
16:42:23.640 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7eeb40e
16:42:23.656 Disk 0 MBR read successfully
16:42:23.656 Disk 0 MBR scan
16:42:23.718 Disk 0 Windows VISTA default MBR code
16:42:23.718 Disk 0 Partition - 00 0F Extended LBA 20480 MB offset 2048
16:42:23.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 132145 MB offset 41945088
16:42:23.796 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20479 MB offset 4096
16:42:23.812 Disk 0 scanning sectors +312578048
16:42:23.984 Disk 0 scanning C:\WINDOWS\system32\drivers
16:42:48.656 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **SUSPICIOUS**
16:43:08.468 Disk 0 trace - called modules:
16:43:08.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x891b8ff0]<<
16:43:08.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a507030]
16:43:08.500 3 CLASSPNP.SYS[b80c8fd7] -> nt!IofCallDriver -> [0x89224bc0]
16:43:08.500 \Driver\00000504[0x89224ce8] -> IRP_MJ_CREATE -> 0x891b8ff0
16:43:09.125 AVAST engine scan C:\WINDOWS
16:43:44.656 AVAST engine scan C:\WINDOWS\system32
16:51:49.828 AVAST engine scan C:\WINDOWS\system32\drivers
16:52:21.625 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **SUSPICIOUS**
16:53:14.968 AVAST engine scan C:\Documents and Settings\Robin.APPLIEDIN
17:09:47.843 AVAST engine scan C:\Documents and Settings\All Users
17:11:06.875 Scan finished successfully
17:11:25.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robin.APPLIEDIN\Desktop\aswMBR\MBR.dat"
17:11:25.734 The log file has been saved successfully to "C:\Documents and Settings\Robin.APPLIEDIN\Desktop\aswMBR\aswMBR.txt"

-----------------------------------------------------------------------------------------------

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000005`00100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

Nestle82 · Jan 24, 2012

Also wanted to note...

Bootkit Remover displayed an error popup message during its scan. It stated "ATA_PASS_THROUGH_DIRECT is not supported by your disk controller. SCSI_PASS_THROUGH will be use for disk I/O."

The rest of the test seemed to complete ok though.

Broni · Jan 24, 2012

Download TDSSKiller and save it to your desktop.

Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Nestle82 · Jan 24, 2012

Cool! That seemed to help.

Here's the log.

18:24:36.0062 0352 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
18:24:36.0531 0352 ============================================================
18:24:36.0531 0352 Current date / time: 2012/01/24 18:24:36.0531
18:24:36.0531 0352 SystemInfo:
18:24:36.0531 0352
18:24:36.0531 0352 OS Version: 5.1.2600 ServicePack: 3.0
18:24:36.0531 0352 Product type: Workstation
18:24:36.0531 0352 ComputerName: ENG2
18:24:36.0531 0352 UserName: Robin
18:24:36.0531 0352 Windows directory: C:\WINDOWS
18:24:36.0531 0352 System windows directory: C:\WINDOWS
18:24:36.0531 0352 Processor architecture: Intel x86
18:24:36.0531 0352 Number of processors: 2
18:24:36.0531 0352 Page size: 0x1000
18:24:36.0531 0352 Boot type: Normal boot
18:24:36.0531 0352 ============================================================
18:24:37.0703 0352 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:24:37.0796 0352 Initialize success
18:24:42.0296 1468 ============================================================
18:24:42.0296 1468 Scan started
18:24:42.0296 1468 Mode: Manual;
18:24:42.0296 1468 ============================================================
18:24:42.0687 1468 Abiosdsk - ok
18:24:42.0734 1468 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:24:42.0734 1468 abp480n5 - ok
18:24:42.0750 1468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:24:42.0765 1468 ACPI - ok
18:24:42.0765 1468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:24:42.0781 1468 ACPIEC - ok
18:24:42.0781 1468 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:24:42.0781 1468 adpu160m - ok
18:24:42.0828 1468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:24:42.0828 1468 aec - ok
18:24:42.0875 1468 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:24:42.0890 1468 AFD - ok
18:24:42.0890 1468 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:24:42.0890 1468 agp440 - ok
18:24:42.0906 1468 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:24:42.0906 1468 agpCPQ - ok
18:24:42.0906 1468 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:24:42.0906 1468 Aha154x - ok
18:24:42.0937 1468 ahcix86 (18876330870fe64bf38dd5e3bfac110b) C:\WINDOWS\system32\DRIVERS\ahcix86.sys
18:24:42.0937 1468 ahcix86 - ok
18:24:42.0937 1468 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:24:42.0937 1468 aic78u2 - ok
18:24:42.0953 1468 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:24:42.0953 1468 aic78xx - ok
18:24:42.0968 1468 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:24:42.0968 1468 AliIde - ok
18:24:42.0968 1468 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:24:42.0984 1468 alim1541 - ok
18:24:42.0984 1468 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:24:42.0984 1468 amdagp - ok
18:24:43.0000 1468 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:24:43.0000 1468 amsint - ok
18:24:43.0015 1468 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
18:24:43.0015 1468 AN983 - ok
18:24:43.0031 1468 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:24:43.0031 1468 asc - ok
18:24:43.0031 1468 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:24:43.0046 1468 asc3350p - ok
18:24:43.0046 1468 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:24:43.0046 1468 asc3550 - ok
18:24:43.0078 1468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:24:43.0078 1468 AsyncMac - ok
18:24:43.0093 1468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:24:43.0093 1468 atapi - ok
18:24:43.0093 1468 Atdisk - ok
18:24:43.0125 1468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:24:43.0125 1468 Atmarpc - ok
18:24:43.0140 1468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:24:43.0140 1468 audstub - ok
18:24:43.0187 1468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:24:43.0187 1468 Beep - ok
18:24:43.0203 1468 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:24:43.0203 1468 cbidf - ok
18:24:43.0203 1468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:24:43.0203 1468 cbidf2k - ok
18:24:43.0218 1468 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:24:43.0218 1468 cd20xrnt - ok
18:24:43.0265 1468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:24:43.0265 1468 Cdaudio - ok
18:24:43.0265 1468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:24:43.0265 1468 Cdfs - ok
18:24:43.0281 1468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:24:43.0296 1468 Cdrom - ok
18:24:43.0328 1468 CEC488 (c24f726caa347571038799490a4d72f9) C:\WINDOWS\system32\drivers\CEC488.sys
18:24:43.0343 1468 CEC488 - ok
18:24:43.0343 1468 Changer - ok
18:24:43.0359 1468 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:24:43.0375 1468 CmdIde - ok
18:24:43.0390 1468 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:24:43.0390 1468 Cpqarray - ok
18:24:43.0406 1468 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:24:43.0406 1468 dac2w2k - ok
18:24:43.0421 1468 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:24:43.0421 1468 dac960nt - ok
18:24:43.0468 1468 DirectIO (b83f981476c89fce60e6022b17504bd0) C:\WINDOWS\system32\Drivers\DirectIO.sys
18:24:43.0484 1468 DirectIO - ok
18:24:43.0484 1468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:24:43.0500 1468 Disk - ok
18:24:43.0531 1468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:24:43.0546 1468 dmboot - ok
18:24:43.0562 1468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:24:43.0562 1468 dmio - ok
18:24:43.0593 1468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:24:43.0593 1468 dmload - ok
18:24:43.0640 1468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:24:43.0640 1468 DMusic - ok
18:24:43.0656 1468 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:24:43.0656 1468 dpti2o - ok
18:24:43.0703 1468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:24:43.0703 1468 drmkaud - ok
18:24:43.0750 1468 Dta1xx (84140851e75cef73ef2104c7267b3fb8) C:\WINDOWS\system32\DRIVERS\Dta1xx.sys
18:24:43.0765 1468 Dta1xx - ok
18:24:43.0796 1468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:24:43.0812 1468 Fastfat - ok
18:24:43.0828 1468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:24:43.0828 1468 Fdc - ok
18:24:43.0843 1468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:24:43.0843 1468 Fips - ok
18:24:43.0859 1468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:24:43.0859 1468 Flpydisk - ok
18:24:43.0890 1468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:24:43.0890 1468 FltMgr - ok
18:24:43.0906 1468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:24:43.0906 1468 Fs_Rec - ok
18:24:43.0953 1468 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys
18:24:43.0968 1468 FTDIBUS - ok
18:24:43.0968 1468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:24:43.0968 1468 Ftdisk - ok
18:24:43.0984 1468 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys
18:24:44.0000 1468 FTSER2K - ok
18:24:44.0031 1468 GIVEIO (6914627bb24739b1dc1d3c03aa24833d) C:\WINDOWS\SYSTEM32\DRIVERS\GIVEIO.SYS
18:24:44.0046 1468 GIVEIO - ok
18:24:44.0078 1468 GP8PSK (42dfbb0f502e4b5a85e1bf21f4a454d1) C:\WINDOWS\system32\Drivers\genpix.sys
18:24:44.0093 1468 GP8PSK - ok
18:24:44.0125 1468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:24:44.0125 1468 Gpc - ok
18:24:44.0171 1468 GpibPrtK (7caff0f7785528ce20d31e0cd6c39027) C:\WINDOWS\system32\drivers\gpibprtk.sys
18:24:44.0187 1468 GpibPrtK - ok
18:24:44.0234 1468 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
18:24:44.0250 1468 Hardlock - ok
18:24:44.0265 1468 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:24:44.0265 1468 HDAudBus - ok
18:24:44.0312 1468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:24:44.0312 1468 HidUsb - ok
18:24:44.0343 1468 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:24:44.0343 1468 hpn - ok
18:24:44.0406 1468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:24:44.0406 1468 HTTP - ok
18:24:44.0437 1468 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:24:44.0437 1468 i2omgmt - ok
18:24:44.0453 1468 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:24:44.0453 1468 i2omp - ok
18:24:44.0500 1468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:24:44.0500 1468 i8042prt - ok
18:24:44.0531 1468 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:24:44.0531 1468 iaStor - ok
18:24:44.0562 1468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:24:44.0562 1468 Imapi - ok
18:24:44.0578 1468 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:24:44.0578 1468 ini910u - ok
18:24:44.0718 1468 IntcAzAudAddService (81b7003bf13ff3ac95d7b2d4c2e8f787) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:24:44.0859 1468 IntcAzAudAddService - ok
18:24:44.0875 1468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:24:44.0875 1468 IntelIde - ok
18:24:44.0906 1468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:24:44.0906 1468 Ip6Fw - ok
18:24:44.0921 1468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:24:44.0921 1468 IpFilterDriver - ok
18:24:44.0937 1468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:24:44.0937 1468 IpInIp - ok
18:24:44.0968 1468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:24:44.0968 1468 IpNat - ok
18:24:45.0015 1468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:24:45.0015 1468 IPSec - ok
18:24:45.0046 1468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:24:45.0046 1468 IRENUM - ok
18:24:45.0062 1468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:24:45.0062 1468 isapnp - ok
18:24:45.0093 1468 jlink (2a2b575b66e9843c55a7e63218b4ef9f) C:\WINDOWS\system32\Drivers\jlink.sys
18:24:45.0093 1468 jlink - ok
18:24:45.0140 1468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:24:45.0140 1468 Kbdclass - ok
18:24:45.0171 1468 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:24:45.0171 1468 kbdhid - ok
18:24:45.0218 1468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:24:45.0218 1468 kmixer - ok
18:24:45.0234 1468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:24:45.0250 1468 KSecDD - ok
18:24:45.0250 1468 lbrtfdc - ok
18:24:45.0265 1468 LMIInfo - ok
18:24:45.0312 1468 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
18:24:45.0312 1468 lmimirr - ok
18:24:45.0312 1468 LMIRfsClientNP - ok
18:24:45.0343 1468 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
18:24:45.0343 1468 LMIRfsDriver - ok
18:24:45.0390 1468 MCHPUSB (75fc98b97a8139be091cc4e5e9095f91) C:\WINDOWS\system32\drivers\mchpusb.sys
18:24:45.0406 1468 MCHPUSB - ok
18:24:45.0468 1468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:24:45.0468 1468 mnmdd - ok
18:24:45.0500 1468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:24:45.0500 1468 Modem - ok
18:24:45.0531 1468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:24:45.0531 1468 Mouclass - ok
18:24:45.0578 1468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:24:45.0578 1468 mouhid - ok
18:24:45.0578 1468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:24:45.0578 1468 MountMgr - ok
18:24:45.0593 1468 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:24:45.0593 1468 mraid35x - ok
18:24:45.0609 1468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:24:45.0609 1468 MRxDAV - ok
18:24:45.0640 1468 MRxSmb (223a6c7b8803e46f621e8945aaf8f013) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:24:45.0687 1468 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 223a6c7b8803e46f621e8945aaf8f013, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
18:24:45.0703 1468 MRxSmb ( Virus.Win32.ZAccess.k ) - infected
18:24:45.0703 1468 MRxSmb - detected Virus.Win32.ZAccess.k (0)
18:24:45.0718 1468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:24:45.0718 1468 Msfs - ok
18:24:45.0750 1468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:24:45.0750 1468 MSKSSRV - ok
18:24:45.0765 1468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:24:45.0765 1468 MSPCLOCK - ok
18:24:45.0765 1468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:24:45.0781 1468 MSPQM - ok
18:24:45.0796 1468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:24:45.0796 1468 mssmbios - ok
18:24:45.0859 1468 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:24:45.0859 1468 Mup - ok
18:24:45.0875 1468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:24:45.0875 1468 NDIS - ok
18:24:45.0921 1468 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:24:45.0937 1468 NdisTapi - ok
18:24:45.0984 1468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:24:45.0984 1468 Ndisuio - ok
18:24:45.0984 1468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:24:46.0000 1468 NdisWan - ok
18:24:46.0031 1468 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:24:46.0031 1468 NDProxy - ok
18:24:46.0046 1468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:24:46.0046 1468 NetBIOS - ok
18:24:46.0093 1468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:24:46.0093 1468 NetBT - ok
18:24:46.0171 1468 NIPALK (eb81a127a2b56c9c6ee2f015fe1513e7) C:\WINDOWS\system32\drivers\nipalk.sys
18:24:46.0171 1468 NIPALK - ok
18:24:46.0187 1468 nipalusb (c3763f22fcc33d57a690152bfbccacd1) C:\WINDOWS\system32\DRIVERS\nipalusb.sys
18:24:46.0218 1468 nipalusb - ok
18:24:46.0234 1468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:24:46.0234 1468 Npfs - ok
18:24:46.0296 1468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:24:46.0296 1468 Ntfs - ok
18:24:46.0359 1468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:24:46.0359 1468 Null - ok
18:24:46.0687 1468 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:24:46.0984 1468 nv - ok
18:24:47.0078 1468 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:24:47.0078 1468 NVENETFD - ok
18:24:47.0125 1468 nvgts (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
18:24:47.0125 1468 nvgts - ok
18:24:47.0171 1468 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:24:47.0171 1468 nvnetbus - ok
18:24:47.0187 1468 nvrd32 (3802044ad8385654c620488da8c9f0d9) C:\WINDOWS\system32\DRIVERS\nvrd32.sys
18:24:47.0203 1468 nvrd32 - ok
18:24:47.0218 1468 nvsmu (03dbb885deae94f06c06ec06acdb8b47) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
18:24:47.0218 1468 nvsmu - ok
18:24:47.0234 1468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:24:47.0234 1468 NwlnkFlt - ok
18:24:47.0250 1468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:24:47.0250 1468 NwlnkFwd - ok
18:24:47.0296 1468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:24:47.0296 1468 Parport - ok
18:24:47.0296 1468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:24:47.0312 1468 PartMgr - ok
18:24:47.0328 1468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:24:47.0328 1468 ParVdm - ok
18:24:47.0328 1468 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:24:47.0328 1468 PCI - ok
18:24:47.0343 1468 PCIDump - ok
18:24:47.0375 1468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:24:47.0375 1468 PCIIde - ok
18:24:47.0406 1468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:24:47.0406 1468 Pcmcia - ok
18:24:47.0421 1468 PDCOMP - ok
18:24:47.0421 1468 PDFRAME - ok
18:24:47.0437 1468 PDRELI - ok
18:24:47.0437 1468 PDRFRAME - ok
18:24:47.0484 1468 PEDRV (ec726effe5e7736f555b864e21a121d9) C:\WINDOWS\system32\drivers\PEDRV.sys
18:24:47.0500 1468 PEDRV - ok
18:24:47.0500 1468 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:24:47.0500 1468 perc2 - ok
18:24:47.0515 1468 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:24:47.0515 1468 perc2hib - ok
18:24:47.0562 1468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:24:47.0562 1468 PptpMiniport - ok
18:24:47.0562 1468 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:24:47.0562 1468 Processor - ok
18:24:47.0578 1468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:24:47.0578 1468 PSched - ok
18:24:47.0609 1468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:24:47.0609 1468 Ptilink - ok
18:24:47.0640 1468 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:24:47.0640 1468 PxHelp20 - ok
18:24:47.0656 1468 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:24:47.0656 1468 ql1080 - ok
18:24:47.0656 1468 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:24:47.0671 1468 Ql10wnt - ok
18:24:47.0671 1468 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:24:47.0671 1468 ql12160 - ok
18:24:47.0687 1468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:24:47.0687 1468 ql1240 - ok
18:24:47.0687 1468 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:24:47.0687 1468 ql1280 - ok
18:24:47.0734 1468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:24:47.0734 1468 RasAcd - ok
18:24:47.0734 1468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:24:47.0750 1468 Rasl2tp - ok
18:24:47.0750 1468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:24:47.0750 1468 RasPppoe - ok
18:24:47.0765 1468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:24:47.0765 1468 Raspti - ok
18:24:47.0781 1468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:24:47.0781 1468 Rdbss - ok
18:24:47.0796 1468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:24:47.0796 1468 RDPCDD - ok
18:24:47.0812 1468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:24:47.0812 1468 rdpdr - ok
18:24:47.0859 1468 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:24:47.0859 1468 RDPWD - ok
18:24:47.0875 1468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:24:47.0875 1468 redbook - ok
18:24:47.0937 1468 RxFilter (9edbcb3604d381505e5b80f68a84bd58) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
18:24:47.0937 1468 RxFilter - ok
18:24:47.0984 1468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:24:47.0984 1468 Secdrv - ok
18:24:48.0015 1468 Sentinel (618a8eb6c3a830b7301df1dfd99854b2) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
18:24:48.0031 1468 Sentinel - ok
18:24:48.0046 1468 Ser2pl (c6bb9aadb4b1736c2e0b6c29b44f3890) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
18:24:48.0078 1468 Ser2pl - ok
18:24:48.0078 1468 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:24:48.0093 1468 serenum - ok
18:24:48.0093 1468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:24:48.0093 1468 Serial - ok
18:24:48.0140 1468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:24:48.0140 1468 Sfloppy - ok
18:24:48.0140 1468 Simbad - ok
18:24:48.0203 1468 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:24:48.0203 1468 sisagp - ok
18:24:48.0250 1468 SNTNLUSB (8d4a96868ae13c3cf8425b383b59d802) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
18:24:48.0265 1468 SNTNLUSB - ok
18:24:48.0265 1468 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:24:48.0265 1468 Sparrow - ok
18:24:48.0296 1468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:24:48.0296 1468 splitter - ok
18:24:48.0328 1468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:24:48.0328 1468 sr - ok
18:24:48.0359 1468 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:24:48.0375 1468 Srv - ok
18:24:48.0406 1468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:24:48.0406 1468 swenum - ok
18:24:48.0421 1468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:24:48.0421 1468 swmidi - ok
18:24:48.0437 1468 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:24:48.0437 1468 symc810 - ok
18:24:48.0468 1468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:24:48.0468 1468 symc8xx - ok
18:24:48.0500 1468 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:24:48.0500 1468 sym_hi - ok
18:24:48.0500 1468 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:24:48.0500 1468 sym_u3 - ok
18:24:48.0546 1468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:24:48.0546 1468 sysaudio - ok
18:24:48.0609 1468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:24:48.0609 1468 Tcpip - ok
18:24:48.0640 1468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:24:48.0640 1468 TDPIPE - ok
18:24:48.0640 1468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:24:48.0640 1468 TDTCP - ok
18:24:48.0671 1468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:24:48.0671 1468 TermDD - ok
18:24:48.0734 1468 tmactmon (7131c804d8847b695125bb8d91d64ee0) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
18:24:48.0750 1468 tmactmon - ok
18:24:48.0796 1468 tmcomm (09f386a6ec8d6c37bfa0d5394cb186c1) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
18:24:48.0796 1468 tmcomm - ok
18:24:48.0812 1468 tmevtmgr (c75310cbd1bccf3469c834143bc2390c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
18:24:48.0828 1468 tmevtmgr - ok
18:24:48.0843 1468 tmtdi (69bf24e2871088115f422d6c7f41c400) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
18:24:48.0859 1468 tmtdi - ok
18:24:48.0906 1468 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:24:48.0906 1468 TosIde - ok
18:24:48.0953 1468 TVicPort (3147063508eae931becc01573c204fac) C:\WINDOWS\system32\drivers\TVicPort.sys
18:24:48.0968 1468 TVicPort - ok
18:24:49.0000 1468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:24:49.0000 1468 Udfs - ok
18:24:49.0015 1468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:24:49.0015 1468 ultra - ok
18:24:49.0046 1468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:24:49.0062 1468 Update - ok
18:24:49.0109 1468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:24:49.0109 1468 usbccgp - ok
18:24:49.0125 1468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:24:49.0125 1468 usbehci - ok
18:24:49.0140 1468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:24:49.0140 1468 usbhub - ok
18:24:49.0156 1468 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:24:49.0156 1468 usbohci - ok
18:24:49.0187 1468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:24:49.0187 1468 usbscan - ok
18:24:49.0203 1468 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
18:24:49.0203 1468 usbser - ok
18:24:49.0218 1468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:24:49.0218 1468 USBSTOR - ok
18:24:49.0234 1468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:24:49.0234 1468 VgaSave - ok
18:24:49.0265 1468 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:24:49.0265 1468 viaagp - ok
18:24:49.0296 1468 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:24:49.0296 1468 ViaIde - ok
18:24:49.0312 1468 VICHW11 (316229487bcd5dca88b1ad04faa861a2) C:\WINDOWS\system32\drivers\VICHW11.sys
18:24:49.0328 1468 VICHW11 - ok
18:24:49.0343 1468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:24:49.0343 1468 VolSnap - ok
18:24:49.0375 1468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:24:49.0375 1468 Wanarp - ok
18:24:49.0437 1468 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:24:49.0437 1468 Wdf01000 - ok
18:24:49.0453 1468 WDICA - ok
18:24:49.0484 1468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:24:49.0484 1468 wdmaud - ok
18:24:49.0515 1468 WinDriver6 (60c9339b020054ac604569ec7f4c995e) C:\WINDOWS\system32\drivers\windrvr6.sys
18:24:49.0531 1468 WinDriver6 - ok
18:24:49.0578 1468 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
18:24:49.0593 1468 WinUSB - ok
18:24:49.0625 1468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:24:49.0625 1468 WudfPf - ok
18:24:49.0640 1468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:24:49.0656 1468 WudfRd - ok
18:24:49.0687 1468 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:24:49.0734 1468 \Device\Harddisk0\DR0 - ok
18:24:49.0750 1468 Boot (0x1200) (0b9ef764468e4df45ff3efe2e9a5e3b4) \Device\Harddisk0\DR0\Partition0
18:24:49.0750 1468 \Device\Harddisk0\DR0\Partition0 - ok
18:24:49.0750 1468 Boot (0x1200) (e4ffc42de50b78bf76ffab496110ef8e) \Device\Harddisk0\DR0\Partition1
18:24:49.0750 1468 \Device\Harddisk0\DR0\Partition1 - ok
18:24:49.0750 1468 ============================================================
18:24:49.0750 1468 Scan finished
18:24:49.0750 1468 ============================================================
18:24:49.0765 2592 Detected object count: 1
18:24:49.0765 2592 Actual detected object count: 1
18:25:01.0640 2592 Backup copy found, using it..
18:25:01.0781 2592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
18:25:02.0968 2592 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
18:25:05.0375 2212 Deinitialize success

Broni · Jan 24, 2012

Good

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Nestle82 · Jan 24, 2012

Thanks for your help so far. Looks like things are clearing up. I have to leave but I'm excited to get this cleared up tomorrow.

Here is the combofix log.

ComboFix 12-01-23.02 - Robin 01/24/2012 18:45:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1636 [GMT -5:00]
Running from: c:\documents and settings\Robin.APPLIEDIN\Desktop\ComboFix\ComboFix.exe
AV: Trend Micro Security Agent *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robin.AI\WINDOWS
c:\documents and settings\Robin.APPLIEDIN\WINDOWS
c:\drivers\install.bat
c:\windows\$NtUninstallKB64497$
c:\windows\$NtUninstallKB64497$\1423501382
c:\windows\$NtUninstallKB64497$\3980465840\@
c:\windows\$NtUninstallKB64497$\3980465840\bckfg.tmp
c:\windows\$NtUninstallKB64497$\3980465840\cfg.ini
c:\windows\$NtUninstallKB64497$\3980465840\Desktop.ini
c:\windows\$NtUninstallKB64497$\3980465840\keywords
c:\windows\$NtUninstallKB64497$\3980465840\kwrd.dll
c:\windows\$NtUninstallKB64497$\3980465840\L\iiufwroj
c:\windows\$NtUninstallKB64497$\3980465840\lsflt7.ver
c:\windows\$NtUninstallKB64497$\3980465840\U\00000001.@
c:\windows\$NtUninstallKB64497$\3980465840\U\00000002.@
c:\windows\$NtUninstallKB64497$\3980465840\U\00000004.@
c:\windows\$NtUninstallKB64497$\3980465840\U\80000000.@
c:\windows\$NtUninstallKB64497$\3980465840\U\80000004.@
c:\windows\$NtUninstallKB64497$\3980465840\U\80000032.@
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\win.ini
c:\windows\WINPROD.DLL
D:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-24 16:16 . 2012-01-24 16:16 -------- d-----w- c:\program files\CCleaner
2012-01-23 22:24 . 2012-01-23 22:24 -------- d-----w- c:\documents and settings\Robin
2012-01-23 22:20 . 2012-01-23 22:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ipswitch
2012-01-23 18:24 . 2012-01-23 18:24 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-20 22:39 . 2012-01-20 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-20 22:39 . 2012-01-23 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-20 22:39 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-20 16:17 . 2012-01-20 16:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-20 15:34 . 2012-01-23 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-19 21:57 . 2012-01-24 15:55 11264 ----a-w- c:\windows\DCEBoot.exe
2012-01-19 19:13 . 2012-01-19 19:13 -------- d-----w- c:\program files\Common Files\Java
2012-01-19 19:12 . 2011-11-10 10:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-19 19:06 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-19 19:06 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-19 19:06 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-19 19:06 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-13 15:33 . 2012-01-23 23:04 -------- d-----w- C:\FlashUpdate
2012-01-12 23:43 . 2007-04-27 12:40 35328 ----a-w- c:\windows\system32\drivers\SNTNLUSB.SYS
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 23:26 . 2008-04-26 00:05 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-05 21:26 . 2011-12-05 21:26 14208 ----a-w- c:\windows\system32\drivers\jlink.sys
2011-11-25 21:57 . 2008-04-26 00:05 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-26 00:05 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 15:25 . 2011-06-09 16:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35 . 2008-04-26 00:05 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-10 10:54 . 2010-05-13 13:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 08:27 . 2009-12-29 20:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2008-04-26 00:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-26 00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-26 00:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-26 00:05 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-26 00:05 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-26 00:05 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-26 00:05 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-26 00:05 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-21 07:24 . 2011-12-05 19:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-26 121064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 21:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-28 20:15 136176 ----atw- c:\documents and settings\Robin.AI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 12:29 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-30 19:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-20 14:37 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Freescale\\CodeWarrior for Microcontrollers V6.2\\prog\\hiwave.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\pemicro\\cyclone_pro\\CreateImage.exe"=
"c:\\pemicro\\cyclone_pro\\csaphcs08z.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [4/28/2008 1:05 PM 120832]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/17/2011 5:07 PM 196320]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [6/15/2006 9:45 AM 191488]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [10/16/2009 4:28 PM 28080]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/17/2011 5:08 PM 65296]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [10/16/2009 4:28 PM 9984]
R3 Dta1xx;Dta1xx;c:\windows\system32\drivers\Dta1xx.sys [5/20/2010 1:07 PM 103448]
R3 MCHPUSB;MCHPUSB;c:\windows\system32\drivers\mchpusb.sys [9/3/2009 9:47 AM 61440]
R3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys [3/27/2006 1:46 AM 105472]
S1 CEC488;CEC488;c:\windows\system32\drivers\CEC488.sys [6/15/2006 9:33 AM 11264]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2/12/2008 9:12 PM 76272]
S3 DirectIO;DirectIO;c:\windows\system32\drivers\DirectIO.sys [12/15/2008 12:04 PM 3408]
S3 GP8PSK;Genpix USB Driver (3.4.0.110);c:\windows\system32\drivers\genpix.sys [8/9/2011 11:25 AM 38400]
S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [12/5/2011 4:26 PM 14208]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [7/18/2008 7:43 AM 1120752]
S3 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [7/18/2008 7:43 AM 166384]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [7/18/2008 7:43 AM 309744]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NIPALK
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\AdobeARM.job
- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 07:37]
.
2012-01-05 c:\windows\Tasks\GoogleUpdate.job
- c:\documents and settings\Robin.AI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-28 20:15]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839355074-3754453157-3932891548-1112Core.job
- c:\documents and settings\Robin.AI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-28 20:15]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839355074-3754453157-3932891548-1112UA.job
- c:\documents and settings\Robin.AI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-28 20:15]
.
2012-01-05 c:\windows\Tasks\jucheck.job
- c:\program files\Common Files\Java\Java Update\jucheck.exe [2011-06-09 18:06]
.
2012-01-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2839355074-3754453157-3932891548-1112.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2839355074-3754453157-3932891548-1112.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://serverpdc:4343/SMB/console/html/root/AtxEnc.cab
FF - ProfilePath - c:\documents and settings\Robin.APPLIEDIN\Application Data\Mozilla\Firefox\Profiles\thh1rt9x.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-33671359.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 19:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2012-01-24 19:09:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 00:08
.
Pre-Run: 112,315,723,776 bytes free
Post-Run: 112,726,069,248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - FBADF2415EF0981223AF97B6BDEE5DCE

Broni · Jan 24, 2012

Looks good

Any current issues?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Nestle82 · Jan 25, 2012

My computer seems to be running much better. The web page redirecting is seems to be taken care of.

However, Trend Micro is still popping up a message that it is blocking Restriced URLs when browing the web. It listed 4 blocked URLs when opening the TechSpot site. It listed them as "Made for AdSense sites."

OTL log part 1:

OTL logfile created on: 1/25/2012 10:24:50 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robin.APPLIEDIN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 72.80% Memory free
3.78 Gb Paging File | 3.40 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 129.05 Gb Total Space | 104.96 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 16.12 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
Drive F: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive J: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
Drive L: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive M: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
Drive N: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive V: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
Drive W: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS

Computer Name: ENG2 | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 10:15:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\OTL.exe
PRC - [2011/03/30 01:51:30 | 000,681,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2011/03/26 08:07:32 | 001,076,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2011/03/26 08:04:38 | 000,121,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/01/21 14:11:54 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2010/10/28 18:02:02 | 000,056,952 | ---- | M] (Ipswitch) -- C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
PRC - [2010/10/21 06:03:32 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/30 01:42:36 | 000,233,472 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\libTmHttpServer.dll
MOD - [2011/03/30 01:42:36 | 000,126,976 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\libTmHttpClient.dll
MOD - [2011/01/04 00:53:54 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/01/04 00:53:54 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\boost_thread-vc80-mt-1_36.dll
MOD - [2011/01/04 00:53:26 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2011/01/04 00:53:26 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2011/01/04 00:53:26 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/01/04 00:53:26 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2010/12/24 22:03:24 | 000,174,432 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2010/10/28 17:55:42 | 006,551,672 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\res0409.dll
MOD - [2010/10/28 17:52:36 | 000,948,496 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\libeay32.dll
MOD - [2010/10/28 17:52:36 | 000,153,360 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\ssleay32.dll
MOD - [2009/06/10 07:29:34 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/30 01:51:30 | 000,681,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (TmListen)
SRV - [2011/01/21 14:11:54 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/07/18 07:43:38 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/07/18 07:43:32 | 000,166,384 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/07/18 07:43:02 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/02/12 21:12:16 | 000,076,272 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01)

========== Driver Services (SafeList) ==========

DRV - [2011/12/05 16:26:51 | 000,014,208 | ---- | M] (SEGGER Microcontroller Systeme GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jlink.sys -- (jlink)
DRV - [2011/09/26 17:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/08/09 11:54:36 | 000,038,400 | ---- | M] (Genpix Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\genpix.sys -- (GP8PSK) Genpix USB Driver (3.4.0.110)
DRV - [2011/02/28 13:37:22 | 000,103,448 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dta1xx.sys -- (Dta1xx)
DRV - [2011/02/25 17:10:00 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/02/25 17:09:00 | 000,190,736 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/02/25 17:09:00 | 000,065,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/08 11:38:56 | 000,199,912 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/10/01 02:59:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/10/22 10:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 10:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/16 16:28:24 | 000,009,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vichw11.sys -- (VICHW11)
DRV - [2009/10/16 16:28:14 | 000,028,080 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pedrv.sys -- (PEDRV)
DRV - [2009/10/16 16:28:14 | 000,010,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GIVEIO.SYS -- (GIVEIO)
DRV - [2009/01/06 19:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/15 12:04:16 | 000,003,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DirectIO.sys -- (DirectIO)
DRV - [2008/07/18 09:11:40 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/04/14 01:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2008/03/21 07:42:00 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2008/02/15 14:15:26 | 000,014,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 11:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 11:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 19:01:06 | 000,132,096 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/01/17 14:51:24 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/27 08:12:32 | 000,120,832 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys -- (ahcix86)
DRV - [2006/10/12 19:21:04 | 000,020,512 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2006/06/15 09:45:26 | 000,191,488 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GpibPrtK.sys -- (GpibPrtK)
DRV - [2006/06/15 09:33:54 | 000,011,264 | ---- | M] (Capital Equipment Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\CEC488.sys -- (CEC488)
DRV - [2006/03/27 01:46:40 | 000,105,472 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nipalusb.sys -- (nipalusb)
DRV - [2006/03/27 01:46:22 | 000,552,960 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/11/22 06:03:56 | 000,061,440 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mchpusb.sys -- (MCHPUSB)
DRV - [2004/10/05 10:48:06 | 000,042,752 | ---- | M] (Ranioshack Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8MC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\firefoxextension\ [2011/08/11 08:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/20 09:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension [2011/05/17 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/19 14:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/19 14:12:48 | 000,000,000 | ---D | M]

[2012/01/23 17:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Mozilla\Extensions
[2012/01/19 14:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/19 14:12:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/24 19:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://serverpdc:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://serverpdc:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259762057906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259762048703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} https://serverpdc:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = appliedin.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{640B1B98-63B5-4FA3-A1D3-72037481984A}: DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 19:16:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 10:15:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\OTL.exe
[2012/01/24 18:38:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/24 18:35:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/24 18:35:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/24 18:35:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/24 18:35:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/24 18:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/24 18:35:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/24 18:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\ComboFix
[2012/01/24 18:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\TDS
[2012/01/24 16:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\BKR
[2012/01/24 16:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\aswMBR
[2012/01/24 16:12:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/01/24 16:12:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/01/24 16:12:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/01/24 15:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Temp
[2012/01/24 14:35:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Recent
[2012/01/24 12:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\IAR Embedded Workbench
[2012/01/24 12:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\DDS sUBs
[2012/01/24 12:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\GMER
[2012/01/24 12:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Sun
[2012/01/24 11:37:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/24 11:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/01/24 11:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/01/24 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/24 11:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Reg Backup
[2012/01/23 18:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Malwarebytes
[2012/01/23 18:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Plugins
[2012/01/23 18:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Processor Expert Projects
[2012/01/23 18:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Processor Expert
[2012/01/23 18:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Metrowerks
[2012/01/23 17:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Mozilla
[2012/01/23 17:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Mozilla
[2012/01/23 17:52:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\IECompatCache
[2012/01/23 17:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Adobe
[2012/01/23 17:47:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\PrivacIE
[2012/01/23 17:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\workspace
[2012/01/23 17:38:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Administrative Tools
[2012/01/23 17:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Visual Studio 2008
[2012/01/23 17:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\QBridge Control Center
[2012/01/23 17:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Downloads
[2012/01/23 17:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\AirTalk
[2012/01/23 17:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\AirTunerV004
[2012/01/23 17:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Cal
[2012/01/23 17:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\FlexBoot
[2012/01/23 17:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\FlexisV121
[2012/01/23 17:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\My Projects
[2012/01/23 17:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Off Air
[2012/01/23 17:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\TunerTalkV110
[2012/01/23 17:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\AppVerifierLogs
[2012/01/23 17:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Ipswitch
[2012/01/23 17:32:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft
[2012/01/23 17:32:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\SendTo
[2012/01/23 17:32:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data
[2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Startup
[2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu
[2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\My Videos
[2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\My Pictures
[2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\My Music
[2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents
[2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Favorites
[2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Accessories
[2012/01/23 17:32:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\UserData
[2012/01/23 17:32:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\IETldCache
[2012/01/23 17:32:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Cookies
[2012/01/23 17:32:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Templates
[2012/01/23 17:32:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\PrintHood
[2012/01/23 17:32:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\NetHood
[2012/01/23 17:32:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Small Business Accounting
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Seven Zip
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Microsoft Help
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Microsoft
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Macromedia
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Identities
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\ApplicationHistory
[2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Adobe
[2012/01/20 17:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/20 17:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/20 17:39:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/20 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/20 17:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/20 17:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/20 10:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/19 14:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/13 10:33:07 | 000,000,000 | ---D | C] -- C:\FlashUpdate
[2012/01/12 18:43:10 | 000,035,328 | ---- | C] (SafeNet, Inc.) -- C:\WINDOWS\System32\drivers\SNTNLUSB.SYS
[2009/09/21 11:44:01 | 000,030,208 | ---- | C] ( ) -- C:\WINDOWS\System32\RC00C150.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 10:15:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\OTL.exe
[2012/01/25 10:09:12 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/01/25 10:09:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/25 10:09:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2839355074-3754453157-3932891548-1112.job
[2012/01/25 10:08:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
[2012/01/25 10:08:44 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2012/01/25 10:08:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 19:01:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/24 18:38:29 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/01/24 14:53:56 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/24 12:31:15 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2012/01/24 12:31:14 | 000,000,355 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012/01/24 12:31:14 | 000,000,017 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2012/01/24 11:34:51 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012/01/24 10:55:10 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/01/23 18:03:21 | 000,017,950 | ---- | M] () -- C:\WINDOWS\mcutools.ini
[2012/01/23 17:48:35 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2839355074-3754453157-3932891548-1112.job
[2012/01/23 17:44:59 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/23 17:32:16 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/20 16:21:49 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
[2012/01/18 15:12:26 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/01/13 10:30:30 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\FlashUpdate Local.lnk
[2012/01/12 15:51:36 | 000,539,132 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 15:51:36 | 000,108,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 10:45:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdate.job
[2012/01/05 10:33:43 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\AdobeARM.job
[2012/01/05 10:25:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 18:38:29 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/01/24 18:38:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/24 18:35:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/24 18:35:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/24 18:35:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/24 18:35:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/24 18:35:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/24 14:53:56 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/23 17:44:59 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/23 17:38:46 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\SWWATER.INI
[2012/01/23 17:38:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Default.rdp
[2012/01/23 17:33:34 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Internet.lnk
[2012/01/23 17:33:34 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Shortcut to Data Center.exe.lnk
[2012/01/23 17:33:34 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Shortcut to TunerTalk.exe.lnk
[2012/01/23 17:33:34 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\FlashUpdate Local.lnk
[2012/01/23 17:32:13 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Windows Media Player.lnk
[2012/01/23 17:32:06 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\CinePlayer.lnk
[2012/01/23 17:32:06 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/23 17:32:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/23 17:32:05 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Remote Assistance.lnk
[2012/01/23 17:32:05 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Internet Explorer.lnk
[2012/01/23 17:32:05 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Outlook Express.lnk
[2012/01/20 16:21:49 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
[2012/01/20 16:21:48 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
[2012/01/19 16:57:12 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/01/18 15:12:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/12/02 12:49:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/12/02 12:33:04 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/12/02 12:33:04 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/08/09 13:03:03 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2011/04/06 08:42:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/10 17:56:27 | 000,252,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/18 14:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/08/16 16:04:25 | 000,018,159 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2010/07/27 10:29:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/02 13:30:17 | 000,241,705 | ---- | C] () -- C:\WINDOWS\System32\gpib.dll
[2010/06/02 13:29:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PORT32.DLL
[2010/05/20 13:07:41 | 000,103,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\Dta1xx.sys
[2010/05/20 13:07:09 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010/05/20 13:07:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
[2009/11/23 09:34:08 | 000,344,124 | ---- | C] () -- C:\WINDOWS\System32\TPUSBUninstaller.exe
[2009/10/16 16:28:24 | 000,009,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\vichw11.sys
[2009/10/16 16:28:14 | 000,028,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\pedrv.sys
[2009/10/16 16:28:14 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\GIVEIO.SYS
[2009/10/16 16:27:28 | 000,434,352 | ---- | C] () -- C:\WINDOWS\System32\PEUSBWD2.DLL
[2009/10/16 16:27:08 | 000,434,352 | ---- | C] () -- C:\WINDOWS\System32\PEUSBMGR.dll
[2009/10/16 16:26:24 | 000,408,240 | ---- | C] () -- C:\WINDOWS\System32\peusba05.dll
[2009/10/16 16:26:12 | 000,408,752 | ---- | C] () -- C:\WINDOWS\System32\peusba04.dll
[2009/10/16 16:26:12 | 000,408,752 | ---- | C] () -- C:\WINDOWS\System32\peusba03.dll
[2009/10/16 16:26:00 | 000,408,752 | ---- | C] () -- C:\WINDOWS\System32\peusba02.dll
[2009/10/16 16:25:50 | 000,408,752 | ---- | C] () -- C:\WINDOWS\System32\peusba01.dll
[2009/10/16 16:25:42 | 000,666,288 | ---- | C] () -- C:\WINDOWS\System32\pemicro_serialcm2.dll
[2009/09/30 15:33:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\msds.dat
[2009/09/21 11:44:01 | 000,000,077 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2009/09/21 11:44:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2009/09/02 12:03:00 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/01 07:08:32 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/08/31 11:09:12 | 000,017,950 | ---- | C] () -- C:\WINDOWS\mcutools.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/31 10:51:15 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/31 10:50:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\syx45326.dat
[2009/07/31 09:19:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/31 06:54:36 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/06/10 07:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/10 07:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/10 07:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/10 07:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/15 12:04:16 | 000,003,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\DirectIO.sys
[2008/07/17 09:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2008/04/25 21:01:09 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/25 19:19:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 19:14:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 19:11:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 19:06:01 | 000,000,507 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/04/25 19:05:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 19:05:53 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 19:05:53 | 000,539,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 19:05:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 19:05:53 | 000,108,756 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 19:05:53 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 19:05:53 | 000,005,559 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 19:05:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 19:05:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 19:05:52 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 19:05:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 19:05:49 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/06/15 09:43:26 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\gpib-vdd.dll
[2006/06/15 09:37:18 | 000,008,561 | ---- | C] () -- C:\WINDOWS\System32\GPIB.INI
[2006/06/15 09:33:56 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\CECVDD.DLL
[2006/06/15 09:33:54 | 000,000,736 | ---- | C] () -- C:\WINDOWS\CEC488.INI
[2006/03/27 01:46:24 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2000/08/03 13:25:12 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\pedrv.sys
[1996/05/29 16:20:04 | 000,035,072 | ---- | C] () -- C:\WINDOWS\System32\SENDKEY.DLL

========== LOP Check ==========

[2009/09/02 07:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Processor Expert
[2011/04/07 11:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/01/20 11:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/09/03 12:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/09/02 07:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Processor Expert
[2009/07/31 07:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/08/16 12:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\.TotalPhase
[2011/07/12 10:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\BigBrotherLite
[2010/08/09 08:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\Broadcom Corporation
[2011/04/07 11:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\DAEMON Tools Lite
[2010/11/09 12:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\EDrawings
[2011/12/02 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\IAR Embedded Workbench
[2011/07/07 12:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\ieSpell
[2009/09/02 07:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\Processor Expert
[2009/09/30 15:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\RFlasher7
[2009/09/30 15:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\Ride7
[2011/02/03 12:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/01/24 12:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\IAR Embedded Workbench
[2012/01/23 18:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Processor Expert
[2012/01/05 10:25:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job

========== Purity Check ==========

Nestle82 · Jan 25, 2012

OTL part 2:

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/10/18 17:54:03 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/04/25 19:16:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/25 14:17:37 | 000,011,008 | ---- | M] () -- C:\bar.emf
[2012/01/24 11:34:51 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012/01/24 18:38:29 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/24 19:09:01 | 000,014,023 | ---- | M] () -- C:\ComboFix.txt
[2008/04/25 19:16:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/25 19:16:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/25 19:16:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/25 10:08:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/05/20 13:01:02 | 000,000,852 | ---- | M] () -- C:\pedriver.txt
[2010/02/25 14:16:56 | 000,376,136 | ---- | M] () -- C:\setup.log
[2009/08/07 10:40:19 | 000,061,700 | ---- | M] () -- C:\SIGNED.TXT
[2009/08/07 10:40:19 | 000,091,106 | ---- | M] () -- C:\SIGVERIF.TXT
[2012/01/24 18:25:05 | 000,063,076 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_24.01.2012_18.24.36_log.txt
[2009/08/07 10:40:19 | 000,000,172 | ---- | M] () -- C:\TOTALS.TXT
[2009/08/07 10:40:19 | 000,029,408 | ---- | M] () -- C:\UNSCANNED.TXT
[2009/08/07 10:39:53 | 000,000,002 | ---- | M] () -- C:\UNSIGNED.TXT

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/25 19:16:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/07/03 10:54:12 | 000,091,648 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4sa.dll
[2011/09/26 17:16:04 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/04/25 19:10:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/04/25 19:10:18 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/04/25 19:10:18 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/04/25 19:16:32 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/23 17:32:15 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/04/25 19:20:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/25 10:15:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2011/12/19 03:04:46 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/08/31 09:03:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/01 15:42:57 | 000,003,108 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/25 10:16:24 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/03 02:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 02:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 02:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 08:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 02:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 02:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 02:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 02:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 02:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\WINDOWS\System32\gpib.dll:SummaryInformation

< End of report >

Nestle82 · Jan 25, 2012

Extras.txt log:

OTL Extras logfile created on: 1/25/2012 10:24:50 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robin.APPLIEDIN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 72.80% Memory free
3.78 Gb Paging File | 3.40 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 129.05 Gb Total Space | 104.96 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 16.12 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
Drive F: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive J: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
Drive L: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive M: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
Drive N: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive V: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
Drive W: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS

Computer Name: ENG2 | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled

xpsp2res.dll,-22002
"28625:TCP" = 28625:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.2\prog\hiwave.exe" = C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.2\prog\hiwave.exe:*:Enabled:HIWAVE EXE -- (Freescale)
"C:\pemicro\cyclone_pro\CreateImage.exe" = C:\pemicro\cyclone_pro\CreateImage.exe:*:Enabled:Cyclone Image Creation Utility -- (P&E Microcomputer Systems, Inc.)
"C:\pemicro\cyclone_pro\csaphcs08z.exe" = C:\pemicro\cyclone_pro\csaphcs08z.exe:*:Enabled:csaphcs08z -- (P&E Microcomputer Systems, Inc.)
"C:\Program Files\COOL.STF\TSReaderLite\TSReaderLite.exe" = C:\Program Files\COOL.STF\TSReaderLite\TSReaderLite.exe:*:Enabled:TSReader -- (COOLSTF.com Inc.)
"C:\Program Files\Freescale10.1\CW MCU v10.1\eclipse\cwide.exe" = C:\Program Files\Freescale10.1\CW MCU v10.1\eclipse\cwide.exe:*:Enabled:cwide
"C:\Program Files\Freescale10.1\CW MCU v10.1\analysis\1.1.0\lib\host\vendor\win\python-2.5\python.exe" = C:\Program Files\Freescale10.1\CW MCU v10.1\analysis\1.1.0\lib\host\vendor\win\python-2.5\python.exe:*:Enabled

ython
"C:\Program Files\Freescale10.1\CW MCU v10.1\MCU\ccs\bin\ccs.exe" = C:\Program Files\Freescale10.1\CW MCU v10.1\MCU\ccs\bin\ccs.exe:*:Enabled:CodeWarrior Connection Server
"C:\Program Files\Freescale10.1\CW MCU v10.1\MCU\bin\DE.exe" = C:\Program Files\Freescale10.1\CW MCU v10.1\MCU\bin\DE.exe:*:Enabled:Integrated Development Environment
"C:\pemicro\cyclone_pro\ManageImages.exe" = C:\pemicro\cyclone_pro\ManageImages.exe:*:Enabled:Cyclone Image Creation Utility -- (P&E Microcomputer Systems, Inc.)
"C:\pemicro\cyclone_pro\ConfigureIP.exe" = C:\pemicro\cyclone_pro\ConfigureIP.exe:*:Enabled:Cyclone Image Creation Utility -- (P&E Microcomputer Systems, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.2\prog\hiwave.exe" = C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.2\prog\hiwave.exe:*:Enabled:HIWAVE EXE -- (Freescale)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\pemicro\cyclone_pro\CreateImage.exe" = C:\pemicro\cyclone_pro\CreateImage.exe:*:Enabled:Cyclone Image Creation Utility -- (P&E Microcomputer Systems, Inc.)
"C:\pemicro\cyclone_pro\csaphcs08z.exe" = C:\pemicro\cyclone_pro\csaphcs08z.exe:*:Enabled:csaphcs08z -- (P&E Microcomputer Systems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047815FB-4E38-42D5-95CB-8A131DDD8668}" = Microsoft Windows Theme Nunavut
"{0581DBCC-5B28-427B-B9F2-0C734E46D821}" = QBridge Control Center
"{05DD8AEF-3113-42BD-B51D-842DB111123A}" = PEMICRO Demo QE Toolkit
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A07E717-BB5D-4B99-840B-6C5DED52B277}" = Trend Micro Worry-Free Business Security Agent
"{109994A3-EB45-4EEB-9CAA-A7BCE33D72A9}" = P&E Cyclone Pro Programmer
"{11743911-C752-4DA3-B00A-532A57CA6C9B}" = StreamXpress Stream Player (DTC-300)
"{17EB55C4-8FC3-4D38-891C-640A0F2BEA7C}" = GPIB-488 version 2.0
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 30
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0DCF16-FB6A-4A1D-993B-448245A71CE0}" = Broadband Studio 3 - Bcm94506
"{404C18ED-873A-4191-BA03-30F627445418}" = Sentinel Protection Installer 7.3.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator XE
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67CA389E-E759-4181-99FA-CD8B63853FB1}" = Roxio Creator XE
"{6DBBB19F-9526-4F90-99C6-E95D486651E7}" = Broadband Studio 3
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85904389-B6A2-49A4-8FD1-E78B56840BC9}" = Broadband Studio 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISSTDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISSTDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISSTDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTDR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ED71778-0E56-4760-9FC6-2C29D75100C5}" = Radioshack USB-to-Serial cable
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A350A8B9-1705-450E-B771-12E7D3AF84B1}" = TunerTalk
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A58F2B4A-ABAC-479E-83CE-F3AF284C9737}" = Sentinel System Driver Installer 7.4.2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03AFE2C-404B-4B52-86A5-49DB8774573E}" = CodeWarrior Development Studio for Microcontrollers V6.2
"{DE187714-9BAB-4767-8431-286BE54A685F}" = IAR Embedded Workbench for ARM 5.40
"{E2C689A9-1B68-4144-9D84-735A7F4F419E}" = P&E Device Drivers
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = UC-232A USB-to-Serial
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F434F50E-7614-3EA8-9008-2FB866B697DA}" = Microsoft Visual Studio 2008 Standard Edition - ENU
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE4C533F-7B0C-4B6F-A1C3-B4449B02D5B8}" = Broadband Studio 2 Bcm94506 PlugIn
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"5007 Config Mgr - Admin Version" = Valon Technology, LLC 5007 Config Mgr - Admin Version 1.2.4
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"ABA711DD50380EF91CB183F7CCDF6FFF13A3A738" = Windows Driver Package - Segger (jlink) USB (01/09/2007 2.6.5.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AE3DA7FEC22E9FC9FE0453738A4DE2CDECE169F8" = Windows Driver Package - SofTec Microsystems (sft02) SofTecUSBDevices (02/07/2007 2.40.0.0)
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"DVB Dream_is1" = DVB Dream version 1.5f
"Hardlock Device Drivers" = Hardlock Device Drivers
"IE4Dev" = Microsoft Script Debugger
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MentorGraphicsJI" = Mentor Graphics Products
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2008 Standard Edition - ENU" = Microsoft Visual Studio 2008 Standard Edition - ENU
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 12.0" = RealPlayer
"TotalPhase" = Total Phase USB Driver v2.01
"TSReader Lite_is1" = TSReader Lite 2.8.46g
"TVicPort 4.1 Free Personal Edition" = TVicPort 4.1 Free Personal Edition
"VISSTDR" = Microsoft Office Visio Standard 2007
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wofie" = Trend Micro Worry-Free Business Security Agent
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2012 7:26:34 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/24/2012 7:44:38 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/24/2012 7:44:39 PM | Computer Name = ENG2 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/24/2012 7:44:45 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/24/2012 8:01:17 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/24/2012 8:01:18 PM | Computer Name = ENG2 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/24/2012 8:01:24 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/25/2012 11:08:41 AM | Computer Name = ENG2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/25/2012 11:08:42 AM | Computer Name = ENG2 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/25/2012 11:08:48 AM | Computer Name = ENG2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ OSession Events ]
Error - 9/21/2009 1:05:41 PM | Computer Name = YOUR-9F2E7EB032 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 982
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/23/2012 2:03:21 PM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 1/23/2012 10:46:03 PM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/24/2012 2:02:03 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/24/2012 3:02:42 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/24/2012 6:02:00 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/24/2012 8:02:01 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/24/2012 11:01:26 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/24/2012 2:01:21 PM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/25/2012 11:08:41 AM | Computer Name = ENG2 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain APPLIEDIN due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 1/25/2012 11:10:14 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

< End of report >

Broni · Jan 25, 2012

It listed them as "Made for AdSense sites."

It looks like Trend is a bit too sensitive.
I wouldn't worry about those.

=================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 176 bytes -> C:\WINDOWS\System32\gpib.dll:SummaryInformation


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Nestle82 · Jan 26, 2012

Here is the OTL log.

The Security Check link is blocked by my antivirus. It has a different (more serious looking) message than what I had mentioned before. It says that it blocked the page because it was a known malicious URL. Can you verify that the link is ok before I bypass my antivirus to open it? I will wait for your instruction before completing the rest of the scans.

==================================================

OTL:

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\WINDOWS\System32\gpib.dll:SummaryInformation deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: administrator.APPLIEDIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98508 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1130 bytes

User: Robin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Robin.AI
->Temp folder emptied: 25138724 bytes
->Temporary Internet Files folder emptied: 234980 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45489527 bytes
->Flash cache emptied: 0 bytes

User: Robin.APPLIEDIN
->Temp folder emptied: 67612 bytes
->Temporary Internet Files folder emptied: 971469 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11457262 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 80.00 mb

[EMPTYJAVA]

User: Administrator

User: administrator.APPLIEDIN

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Robin

User: Robin.AI
->Java cache emptied: 0 bytes

User: Robin.APPLIEDIN
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

User: administrator.APPLIEDIN

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Robin
->Flash cache emptied: 0 bytes

User: Robin.AI
->Flash cache emptied: 0 bytes

User: Robin.APPLIEDIN
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01252012_183646

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat not found!

Registry entries deleted on Reboot...

Broni · Jan 26, 2012

The Security Check link is blocked by my antivirus. It has a different (more serious looking) message than what I had mentioned before. It says that it blocked the page because it was a known malicious URL. Can you verify that the link is ok before I bypass my antivirus to open it?

Yes. Another nonsense from TM.

Nestle82 · Jan 26, 2012

Ok. Ran it. I will run the other checks now.

Security Check Results:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Trend Micro Worry-Free Business Security Agent
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java(TM) 6 Update 30
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
``````````End of Log````````````

Nestle82 · Jan 26, 2012

By the way, my computer seems to be running great right now! Thanks!

FSS:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Robin (administrator) on 26-01-2012 at 12:13:38
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Nestle82 · Jan 26, 2012

ESET scanner has an option checked to Remove Found Threats. Should I leave this checked before clicking scan?

Broni · Jan 26, 2012

Yes................

Nestle82 · Jan 26, 2012

ESET Online Scanner reported no threats found. WooHoo!

Eset has an option to uninstall on close on the screen that is up. I will leave it open until further directions.

Broni · Jan 26, 2012

You can keep and use it in the future.

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

=============================================================

You have one registry key missing which affects Security Center functioning.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_wscsvc.reg and confirm the prompt.
Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
Restart computer.
See if you can access Security Center.
Post new FSS log.

Nestle82 · Jan 26, 2012

I am assuming you are refering to Windows Security Center. Yes, I can access it.

Here is the log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Robin (administrator) on 26-01-2012 at 14:15:48
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Broni · Jan 26, 2012

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

Nestle82 · Jan 26, 2012

Here is the OTL log. I will continue on with the rest of the steps you mentioned.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: administrator.APPLIEDIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Robin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Robin.AI
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Robin.APPLIEDIN
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 9729881 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5641227 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb

[EMPTYFLASH]

User: Administrator

User: administrator.APPLIEDIN

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Robin
->Flash cache emptied: 0 bytes

User: Robin.AI
->Flash cache emptied: 0 bytes

User: Robin.APPLIEDIN
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: administrator.APPLIEDIN

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Robin

User: Robin.AI
->Java cache emptied: 0 bytes

User: Robin.APPLIEDIN
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 01262012_143011

Files\Folders moved on Reboot...
C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Temporary Internet Files\Content.IE5\681NDWUA\topic176614-2[1].html moved successfully.
C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat not found!

Registry entries deleted on Reboot...

Nestle82 · Jan 26, 2012

All done. Computer is running great. Thanks for all your help Broni! Great Job!

Solved Virus opening URL and redirecting browser

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 25 +0

Similar threads