TechSpot

Virus opening URL and redirecting browser

By Nestle82
Jan 24, 2012
  1. Hope I am posting this correctly.

    Trend Micro blocks restricted URLs from opening every couple of minutes even when not Internet.
    It appears that the virus is attempting to redirect web pages to another site. Trend micro is stopping the redirect and the browser either refreshes the web page or closes the browser. This happens in both Internet Explorer and Firefox.

    My anti-virus reports this every time I perform a scan.
    Anti-Virus: Trend Micro Worry-Free Business Security
    File Name: mrxsmb.sys
    Threat: TROJ_GEN.R37C8AG
    Path: C:\WINDOWS\system32\drivers

    Note: I do not have the ability to disable Trend Micro at this point. I would have to get a password from the network administrator to do this.


    Mbam log:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.24.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Robin :: ENG2 [administrator]

    1/24/2012 2:36:24 PM
    mbam-log-2012-01-24 (14-36-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 242629
    Time elapsed: 6 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    //----------------------------------------------------------------------------------------------------------------------------------

    GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-24 16:10:13
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 WDC_WD16 rev.01.0
    Running: dvqeeojy.exe; Driver: C:\DOCUME~1\ROBIN~1.APP\LOCALS~1\Temp\ugtdapow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- EOF - GMER 1.0.15 ----


    //-----------------------------------------------------------------------------------------

    DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by Robin at 16:12:51 on 2012-01-24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1412 [GMT -5:00]
    .
    AV: Trend Micro Security Agent *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://serverpdc:4343/officescan/console/ClientInstall/WinNTChk.cab
    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://serverpdc:4343/officescan/console/ClientInstall/setup.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259762057906
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259762048703
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://serverpdc:4343/SMB/console/html/root/AtxEnc.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
    TCP: Interfaces\{640B1B98-63B5-4FA3-A1D3-72037481984A} : DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\client server security agent\uiframework\ToolbarIE.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\client server security agent\uiframework\ProToolbarIMRatingActiveX.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\robin.appliedin\application data\mozilla\firefox\profiles\thh1rt9x.default\
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-4-28 120832]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-5-17 196320]
    R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [2006-6-15 191488]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-25 47640]
    R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [2009-10-16 28080]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-5-17 65296]
    R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2009-10-16 9984]
    R3 Dta1xx;Dta1xx;c:\windows\system32\drivers\Dta1xx.sys [2010-5-20 103448]
    R3 MCHPUSB;MCHPUSB;c:\windows\system32\drivers\mchpusb.sys [2009-9-3 61440]
    R3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys [2006-3-27 105472]
    S1 CEC488;CEC488;c:\windows\system32\drivers\CEC488.sys [2006-6-15 11264]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S3 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files\roxio\backontrack\file backup\FileBackupSVC.exe [2008-2-12 76272]
    S3 DirectIO;DirectIO;c:\windows\system32\drivers\DirectIO.sys [2008-12-15 3408]
    S3 GP8PSK;Genpix USB Driver (3.4.0.110);c:\windows\system32\drivers\genpix.sys [2011-8-9 38400]
    S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [2011-12-5 14208]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-7-18 1120752]
    S3 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-7-18 166384]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-7-18 309744]
    .
    =============== Created Last 30 ================
    .
    2012-01-24 20:48:57 -------- d-----w- c:\documents and settings\robin.appliedin\local settings\application data\Temp
    2012-01-24 17:27:08 -------- d-----w- c:\documents and settings\robin.appliedin\application data\IAR Embedded Workbench
    2012-01-24 16:16:26 -------- d-----w- c:\program files\CCleaner
    2012-01-23 23:08:19 -------- d-----w- c:\documents and settings\robin.appliedin\application data\Malwarebytes
    2012-01-23 23:02:52 -------- d-----w- c:\documents and settings\robin.appliedin\local settings\application data\Plugins
    2012-01-23 23:02:49 -------- d-----w- c:\documents and settings\robin.appliedin\application data\Processor Expert
    2012-01-23 23:02:48 -------- d-----w- c:\documents and settings\robin.appliedin\local settings\application data\Metrowerks
    2012-01-23 22:55:47 -------- d-----w- c:\documents and settings\robin.appliedin\local settings\application data\Mozilla
    2012-01-23 22:52:43 -------- d-sh--w- c:\documents and settings\robin.appliedin\IECompatCache
    2012-01-23 22:47:02 -------- d-sh--w- c:\documents and settings\robin.appliedin\PrivacIE
    2012-01-23 22:38:47 -------- d-----w- c:\documents and settings\robin.appliedin\workspace
    2012-01-23 22:38:47 -------- d-----w- c:\documents and settings\robin.appliedin\WINDOWS
    2012-01-23 22:33:32 -------- d-----w- c:\documents and settings\robin.appliedin\AppVerifierLogs
    2012-01-23 18:24:17 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-01-23 18:24:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-20 22:39:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-20 22:39:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-20 22:39:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-20 15:34:20 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-01-19 21:57:12 11264 ----a-w- c:\windows\DCEBoot.exe
    2012-01-19 19:12:48 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2012-01-19 19:06:06 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-19 19:06:06 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-19 19:06:06 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-19 19:06:06 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-13 15:33:07 -------- d-----w- C:\FlashUpdate
    2012-01-12 23:43:10 35328 ----a-w- c:\windows\system32\drivers\SNTNLUSB.SYS
    2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-01-24 17:31:15 73 ----a-w- c:\windows\system32\ssprs.dll
    2012-01-24 17:31:14 341 ----a-w- c:\windows\system32\lsprst7.dll
    2011-12-05 21:26:51 14208 ----a-w- c:\windows\system32\drivers\jlink.sys
    2011-12-02 17:49:00 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2011-12-02 17:33:04 1024 ----a-w- c:\windows\system32\clauth2.dll
    2011-12-02 17:33:04 1024 ----a-w- c:\windows\system32\clauth1.dll
    2011-12-02 17:33:04 0 ----a-w- c:\windows\system32\serauth2.dll
    2011-12-02 17:33:04 0 ----a-w- c:\windows\system32\serauth1.dll
    2011-12-02 17:33:04 0 ----a-w- c:\windows\system32\nsprs.dll
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-21 15:25:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-09 21:22:26 59 --sha-w- c:\windows\WINPROD.DLL
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    .
    ============= FINISH: 16:13:19.01 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/31/2009 7:37:43 AM
    System Uptime: 1/24/2012 2:53:38 PM (2 hours ago)
    .
    Motherboard: MSI | | MS-7309
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | CPU 1 | 2310/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 129 GiB total, 104.888 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 16.122 GiB free.
    E: is CDROM ()
    F: is NetworkDisk (NTFS) - 382 GiB total, 344.958 GiB free.
    J: is NetworkDisk (NTFS) - 98 GiB total, 9.324 GiB free.
    L: is NetworkDisk (NTFS) - 382 GiB total, 344.958 GiB free.
    M: is NetworkDisk (NTFS) - 98 GiB total, 9.324 GiB free.
    N: is NetworkDisk (NTFS) - 382 GiB total, 344.958 GiB free.
    V: is NetworkDisk (NTFS) - 98 GiB total, 9.324 GiB free.
    W: is NetworkDisk (NTFS) - 382 GiB total, 344.958 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office system
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    Broadband Studio 2
    Broadband Studio 2 Bcm94506 PlugIn
    Broadband Studio 3
    Broadband Studio 3 - Bcm94506
    Business Contact Manager for Outlook 2007 SP2
    CCleaner
    CodeWarrior Development Studio for Microcontrollers V6.2
    DVB Dream version 1.5f
    GPIB-488 version 2.0
    Hardlock Device Drivers
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB971091)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IAR Embedded Workbench for ARM 5.40
    Internet Explorer (Enable DEP)
    Ipswitch WS_FTP 12
    Java Auto Updater
    Java(TM) 6 Update 30
    Malwarebytes Anti-Malware version 1.60.0.1800
    Mentor Graphics Products
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Document Explorer 2008
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Standard 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Script Debugger
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2008 Standard Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    Microsoft Windows Theme Nunavut
    Microsoft WinUsb 1.0
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    P&E Cyclone Pro Programmer
    P&E Device Drivers
    PEMICRO Demo QE Toolkit
    QBridge Control Center
    Radioshack USB-to-Serial cable
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio CinePlayer
    Roxio Creator XE
    Roxio Express Labeler 3
    Roxio File Backup
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sentinel Protection Installer 7.3.0
    Sentinel System Driver
    Sentinel System Driver Installer 7.4.2
    Sonic CinePlayer Decoder Pack
    StreamXpress Stream Player (DTC-300)
    Total Phase USB Driver v2.01
    Trend Micro Worry-Free Business Security Agent
    TSReader Lite 2.8.46g
    TunerTalk
    TVicPort 4.1 Free Personal Edition
    UC-232A USB-to-Serial
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972221)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Valon Technology, LLC 5007 Config Mgr - Admin Version 1.2.4
    VLC media player 1.1.11
    WebFldrs XP
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
    Windows Driver Package - Segger (jlink) USB (01/09/2007 2.6.5.0)
    Windows Driver Package - SofTec Microsystems (sft02) SofTecUSBDevices (02/07/2007 2.40.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/23/2012 10:45:46 AM, error: PlugPlayManager [12] - The device 'NIPALK' (Root\LEGACY_NIPALK\0000) disappeared from the system without first being prepared for removal.
    1/23/2012 1:03:21 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    1/20/2012 10:22:04 AM, error: nvgts [9] - The device, \Device\Scsi\nvgts1, did not respond within the timeout period.
    1/20/2012 10:22:04 AM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts1.
    1/19/2012 8:09:55 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    1/19/2012 5:16:46 PM, error: NETLOGON [5719] - No Domain Controller is available for domain APPLIEDIN due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    1/19/2012 2:41:39 PM, error: NETLOGON [5719] - No Domain Controller is available for domain APPLIEDIN due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    1/19/2012 2:30:42 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    If this is work computer do so and obtain a permission to work on this machine.

    When done...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    Next Step

    I can now turn off my Trend Micro anti virus if needed.

    Here are the scan results:

    -----------------------------------------------------------------------------
    aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-24 16:40:56
    -----------------------------
    16:40:56.015 OS Version: Windows 5.1.2600 Service Pack 3
    16:40:56.015 Number of processors: 2 586 0x6B02
    16:40:56.015 ComputerName: ENG2 UserName:
    16:40:56.781 Initialize success
    16:42:09.421 AVAST engine defs: 12012400
    16:42:23.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
    16:42:23.640 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 1
    16:42:23.640 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7eeb40e
    16:42:23.656 Disk 0 MBR read successfully
    16:42:23.656 Disk 0 MBR scan
    16:42:23.718 Disk 0 Windows VISTA default MBR code
    16:42:23.718 Disk 0 Partition - 00 0F Extended LBA 20480 MB offset 2048
    16:42:23.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 132145 MB offset 41945088
    16:42:23.796 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20479 MB offset 4096
    16:42:23.812 Disk 0 scanning sectors +312578048
    16:42:23.984 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:42:48.656 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **SUSPICIOUS**
    16:43:08.468 Disk 0 trace - called modules:
    16:43:08.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x891b8ff0]<<
    16:43:08.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a507030]
    16:43:08.500 3 CLASSPNP.SYS[b80c8fd7] -> nt!IofCallDriver -> [0x89224bc0]
    16:43:08.500 \Driver\00000504[0x89224ce8] -> IRP_MJ_CREATE -> 0x891b8ff0
    16:43:09.125 AVAST engine scan C:\WINDOWS
    16:43:44.656 AVAST engine scan C:\WINDOWS\system32
    16:51:49.828 AVAST engine scan C:\WINDOWS\system32\drivers
    16:52:21.625 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **SUSPICIOUS**
    16:53:14.968 AVAST engine scan C:\Documents and Settings\Robin.APPLIEDIN
    17:09:47.843 AVAST engine scan C:\Documents and Settings\All Users
    17:11:06.875 Scan finished successfully
    17:11:25.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robin.APPLIEDIN\Desktop\aswMBR\MBR.dat"
    17:11:25.734 The log file has been saved successfully to "C:\Documents and Settings\Robin.APPLIEDIN\Desktop\aswMBR\aswMBR.txt"


    -----------------------------------------------------------------------------------------------



    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000005`00100000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  4. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    Also wanted to note...

    Bootkit Remover displayed an error popup message during its scan. It stated "ATA_PASS_THROUGH_DIRECT is not supported by your disk controller. SCSI_PASS_THROUGH will be use for disk I/O."

    The rest of the test seemed to complete ok though.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    Cool! That seemed to help.

    Here's the log.


    18:24:36.0062 0352 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
    18:24:36.0531 0352 ============================================================
    18:24:36.0531 0352 Current date / time: 2012/01/24 18:24:36.0531
    18:24:36.0531 0352 SystemInfo:
    18:24:36.0531 0352
    18:24:36.0531 0352 OS Version: 5.1.2600 ServicePack: 3.0
    18:24:36.0531 0352 Product type: Workstation
    18:24:36.0531 0352 ComputerName: ENG2
    18:24:36.0531 0352 UserName: Robin
    18:24:36.0531 0352 Windows directory: C:\WINDOWS
    18:24:36.0531 0352 System windows directory: C:\WINDOWS
    18:24:36.0531 0352 Processor architecture: Intel x86
    18:24:36.0531 0352 Number of processors: 2
    18:24:36.0531 0352 Page size: 0x1000
    18:24:36.0531 0352 Boot type: Normal boot
    18:24:36.0531 0352 ============================================================
    18:24:37.0703 0352 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    18:24:37.0796 0352 Initialize success
    18:24:42.0296 1468 ============================================================
    18:24:42.0296 1468 Scan started
    18:24:42.0296 1468 Mode: Manual;
    18:24:42.0296 1468 ============================================================
    18:24:42.0687 1468 Abiosdsk - ok
    18:24:42.0734 1468 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    18:24:42.0734 1468 abp480n5 - ok
    18:24:42.0750 1468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:24:42.0765 1468 ACPI - ok
    18:24:42.0765 1468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:24:42.0781 1468 ACPIEC - ok
    18:24:42.0781 1468 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    18:24:42.0781 1468 adpu160m - ok
    18:24:42.0828 1468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:24:42.0828 1468 aec - ok
    18:24:42.0875 1468 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    18:24:42.0890 1468 AFD - ok
    18:24:42.0890 1468 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    18:24:42.0890 1468 agp440 - ok
    18:24:42.0906 1468 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    18:24:42.0906 1468 agpCPQ - ok
    18:24:42.0906 1468 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    18:24:42.0906 1468 Aha154x - ok
    18:24:42.0937 1468 ahcix86 (18876330870fe64bf38dd5e3bfac110b) C:\WINDOWS\system32\DRIVERS\ahcix86.sys
    18:24:42.0937 1468 ahcix86 - ok
    18:24:42.0937 1468 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    18:24:42.0937 1468 aic78u2 - ok
    18:24:42.0953 1468 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    18:24:42.0953 1468 aic78xx - ok
    18:24:42.0968 1468 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    18:24:42.0968 1468 AliIde - ok
    18:24:42.0968 1468 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    18:24:42.0984 1468 alim1541 - ok
    18:24:42.0984 1468 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    18:24:42.0984 1468 amdagp - ok
    18:24:43.0000 1468 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    18:24:43.0000 1468 amsint - ok
    18:24:43.0015 1468 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
    18:24:43.0015 1468 AN983 - ok
    18:24:43.0031 1468 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    18:24:43.0031 1468 asc - ok
    18:24:43.0031 1468 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    18:24:43.0046 1468 asc3350p - ok
    18:24:43.0046 1468 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    18:24:43.0046 1468 asc3550 - ok
    18:24:43.0078 1468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:24:43.0078 1468 AsyncMac - ok
    18:24:43.0093 1468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:24:43.0093 1468 atapi - ok
    18:24:43.0093 1468 Atdisk - ok
    18:24:43.0125 1468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:24:43.0125 1468 Atmarpc - ok
    18:24:43.0140 1468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:24:43.0140 1468 audstub - ok
    18:24:43.0187 1468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:24:43.0187 1468 Beep - ok
    18:24:43.0203 1468 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    18:24:43.0203 1468 cbidf - ok
    18:24:43.0203 1468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:24:43.0203 1468 cbidf2k - ok
    18:24:43.0218 1468 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    18:24:43.0218 1468 cd20xrnt - ok
    18:24:43.0265 1468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:24:43.0265 1468 Cdaudio - ok
    18:24:43.0265 1468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:24:43.0265 1468 Cdfs - ok
    18:24:43.0281 1468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:24:43.0296 1468 Cdrom - ok
    18:24:43.0328 1468 CEC488 (c24f726caa347571038799490a4d72f9) C:\WINDOWS\system32\drivers\CEC488.sys
    18:24:43.0343 1468 CEC488 - ok
    18:24:43.0343 1468 Changer - ok
    18:24:43.0359 1468 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    18:24:43.0375 1468 CmdIde - ok
    18:24:43.0390 1468 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    18:24:43.0390 1468 Cpqarray - ok
    18:24:43.0406 1468 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    18:24:43.0406 1468 dac2w2k - ok
    18:24:43.0421 1468 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    18:24:43.0421 1468 dac960nt - ok
    18:24:43.0468 1468 DirectIO (b83f981476c89fce60e6022b17504bd0) C:\WINDOWS\system32\Drivers\DirectIO.sys
    18:24:43.0484 1468 DirectIO - ok
    18:24:43.0484 1468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:24:43.0500 1468 Disk - ok
    18:24:43.0531 1468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:24:43.0546 1468 dmboot - ok
    18:24:43.0562 1468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:24:43.0562 1468 dmio - ok
    18:24:43.0593 1468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:24:43.0593 1468 dmload - ok
    18:24:43.0640 1468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:24:43.0640 1468 DMusic - ok
    18:24:43.0656 1468 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    18:24:43.0656 1468 dpti2o - ok
    18:24:43.0703 1468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:24:43.0703 1468 drmkaud - ok
    18:24:43.0750 1468 Dta1xx (84140851e75cef73ef2104c7267b3fb8) C:\WINDOWS\system32\DRIVERS\Dta1xx.sys
    18:24:43.0765 1468 Dta1xx - ok
    18:24:43.0796 1468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:24:43.0812 1468 Fastfat - ok
    18:24:43.0828 1468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:24:43.0828 1468 Fdc - ok
    18:24:43.0843 1468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:24:43.0843 1468 Fips - ok
    18:24:43.0859 1468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    18:24:43.0859 1468 Flpydisk - ok
    18:24:43.0890 1468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    18:24:43.0890 1468 FltMgr - ok
    18:24:43.0906 1468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:24:43.0906 1468 Fs_Rec - ok
    18:24:43.0953 1468 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys
    18:24:43.0968 1468 FTDIBUS - ok
    18:24:43.0968 1468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:24:43.0968 1468 Ftdisk - ok
    18:24:43.0984 1468 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys
    18:24:44.0000 1468 FTSER2K - ok
    18:24:44.0031 1468 GIVEIO (6914627bb24739b1dc1d3c03aa24833d) C:\WINDOWS\SYSTEM32\DRIVERS\GIVEIO.SYS
    18:24:44.0046 1468 GIVEIO - ok
    18:24:44.0078 1468 GP8PSK (42dfbb0f502e4b5a85e1bf21f4a454d1) C:\WINDOWS\system32\Drivers\genpix.sys
    18:24:44.0093 1468 GP8PSK - ok
    18:24:44.0125 1468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:24:44.0125 1468 Gpc - ok
    18:24:44.0171 1468 GpibPrtK (7caff0f7785528ce20d31e0cd6c39027) C:\WINDOWS\system32\drivers\gpibprtk.sys
    18:24:44.0187 1468 GpibPrtK - ok
    18:24:44.0234 1468 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
    18:24:44.0250 1468 Hardlock - ok
    18:24:44.0265 1468 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:24:44.0265 1468 HDAudBus - ok
    18:24:44.0312 1468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:24:44.0312 1468 HidUsb - ok
    18:24:44.0343 1468 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    18:24:44.0343 1468 hpn - ok
    18:24:44.0406 1468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:24:44.0406 1468 HTTP - ok
    18:24:44.0437 1468 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    18:24:44.0437 1468 i2omgmt - ok
    18:24:44.0453 1468 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    18:24:44.0453 1468 i2omp - ok
    18:24:44.0500 1468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:24:44.0500 1468 i8042prt - ok
    18:24:44.0531 1468 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    18:24:44.0531 1468 iaStor - ok
    18:24:44.0562 1468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:24:44.0562 1468 Imapi - ok
    18:24:44.0578 1468 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    18:24:44.0578 1468 ini910u - ok
    18:24:44.0718 1468 IntcAzAudAddService (81b7003bf13ff3ac95d7b2d4c2e8f787) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    18:24:44.0859 1468 IntcAzAudAddService - ok
    18:24:44.0875 1468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    18:24:44.0875 1468 IntelIde - ok
    18:24:44.0906 1468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    18:24:44.0906 1468 Ip6Fw - ok
    18:24:44.0921 1468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:24:44.0921 1468 IpFilterDriver - ok
    18:24:44.0937 1468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:24:44.0937 1468 IpInIp - ok
    18:24:44.0968 1468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:24:44.0968 1468 IpNat - ok
    18:24:45.0015 1468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:24:45.0015 1468 IPSec - ok
    18:24:45.0046 1468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:24:45.0046 1468 IRENUM - ok
    18:24:45.0062 1468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:24:45.0062 1468 isapnp - ok
    18:24:45.0093 1468 jlink (2a2b575b66e9843c55a7e63218b4ef9f) C:\WINDOWS\system32\Drivers\jlink.sys
    18:24:45.0093 1468 jlink - ok
    18:24:45.0140 1468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:24:45.0140 1468 Kbdclass - ok
    18:24:45.0171 1468 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:24:45.0171 1468 kbdhid - ok
    18:24:45.0218 1468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:24:45.0218 1468 kmixer - ok
    18:24:45.0234 1468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:24:45.0250 1468 KSecDD - ok
    18:24:45.0250 1468 lbrtfdc - ok
    18:24:45.0265 1468 LMIInfo - ok
    18:24:45.0312 1468 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    18:24:45.0312 1468 lmimirr - ok
    18:24:45.0312 1468 LMIRfsClientNP - ok
    18:24:45.0343 1468 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    18:24:45.0343 1468 LMIRfsDriver - ok
    18:24:45.0390 1468 MCHPUSB (75fc98b97a8139be091cc4e5e9095f91) C:\WINDOWS\system32\drivers\mchpusb.sys
    18:24:45.0406 1468 MCHPUSB - ok
    18:24:45.0468 1468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:24:45.0468 1468 mnmdd - ok
    18:24:45.0500 1468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:24:45.0500 1468 Modem - ok
    18:24:45.0531 1468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:24:45.0531 1468 Mouclass - ok
    18:24:45.0578 1468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:24:45.0578 1468 mouhid - ok
    18:24:45.0578 1468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:24:45.0578 1468 MountMgr - ok
    18:24:45.0593 1468 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    18:24:45.0593 1468 mraid35x - ok
    18:24:45.0609 1468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:24:45.0609 1468 MRxDAV - ok
    18:24:45.0640 1468 MRxSmb (223a6c7b8803e46f621e8945aaf8f013) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:24:45.0687 1468 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 223a6c7b8803e46f621e8945aaf8f013, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
    18:24:45.0703 1468 MRxSmb ( Virus.Win32.ZAccess.k ) - infected
    18:24:45.0703 1468 MRxSmb - detected Virus.Win32.ZAccess.k (0)
    18:24:45.0718 1468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:24:45.0718 1468 Msfs - ok
    18:24:45.0750 1468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:24:45.0750 1468 MSKSSRV - ok
    18:24:45.0765 1468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:24:45.0765 1468 MSPCLOCK - ok
    18:24:45.0765 1468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:24:45.0781 1468 MSPQM - ok
    18:24:45.0796 1468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:24:45.0796 1468 mssmbios - ok
    18:24:45.0859 1468 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:24:45.0859 1468 Mup - ok
    18:24:45.0875 1468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:24:45.0875 1468 NDIS - ok
    18:24:45.0921 1468 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:24:45.0937 1468 NdisTapi - ok
    18:24:45.0984 1468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:24:45.0984 1468 Ndisuio - ok
    18:24:45.0984 1468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:24:46.0000 1468 NdisWan - ok
    18:24:46.0031 1468 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:24:46.0031 1468 NDProxy - ok
    18:24:46.0046 1468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:24:46.0046 1468 NetBIOS - ok
    18:24:46.0093 1468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:24:46.0093 1468 NetBT - ok
    18:24:46.0171 1468 NIPALK (eb81a127a2b56c9c6ee2f015fe1513e7) C:\WINDOWS\system32\drivers\nipalk.sys
    18:24:46.0171 1468 NIPALK - ok
    18:24:46.0187 1468 nipalusb (c3763f22fcc33d57a690152bfbccacd1) C:\WINDOWS\system32\DRIVERS\nipalusb.sys
    18:24:46.0218 1468 nipalusb - ok
    18:24:46.0234 1468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:24:46.0234 1468 Npfs - ok
    18:24:46.0296 1468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:24:46.0296 1468 Ntfs - ok
    18:24:46.0359 1468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:24:46.0359 1468 Null - ok
    18:24:46.0687 1468 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    18:24:46.0984 1468 nv - ok
    18:24:47.0078 1468 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    18:24:47.0078 1468 NVENETFD - ok
    18:24:47.0125 1468 nvgts (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
    18:24:47.0125 1468 nvgts - ok
    18:24:47.0171 1468 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    18:24:47.0171 1468 nvnetbus - ok
    18:24:47.0187 1468 nvrd32 (3802044ad8385654c620488da8c9f0d9) C:\WINDOWS\system32\DRIVERS\nvrd32.sys
    18:24:47.0203 1468 nvrd32 - ok
    18:24:47.0218 1468 nvsmu (03dbb885deae94f06c06ec06acdb8b47) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    18:24:47.0218 1468 nvsmu - ok
    18:24:47.0234 1468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:24:47.0234 1468 NwlnkFlt - ok
    18:24:47.0250 1468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:24:47.0250 1468 NwlnkFwd - ok
    18:24:47.0296 1468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:24:47.0296 1468 Parport - ok
    18:24:47.0296 1468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:24:47.0312 1468 PartMgr - ok
    18:24:47.0328 1468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:24:47.0328 1468 ParVdm - ok
    18:24:47.0328 1468 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:24:47.0328 1468 PCI - ok
    18:24:47.0343 1468 PCIDump - ok
    18:24:47.0375 1468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:24:47.0375 1468 PCIIde - ok
    18:24:47.0406 1468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:24:47.0406 1468 Pcmcia - ok
    18:24:47.0421 1468 PDCOMP - ok
    18:24:47.0421 1468 PDFRAME - ok
    18:24:47.0437 1468 PDRELI - ok
    18:24:47.0437 1468 PDRFRAME - ok
    18:24:47.0484 1468 PEDRV (ec726effe5e7736f555b864e21a121d9) C:\WINDOWS\system32\drivers\PEDRV.sys
    18:24:47.0500 1468 PEDRV - ok
    18:24:47.0500 1468 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    18:24:47.0500 1468 perc2 - ok
    18:24:47.0515 1468 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    18:24:47.0515 1468 perc2hib - ok
    18:24:47.0562 1468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:24:47.0562 1468 PptpMiniport - ok
    18:24:47.0562 1468 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    18:24:47.0562 1468 Processor - ok
    18:24:47.0578 1468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:24:47.0578 1468 PSched - ok
    18:24:47.0609 1468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:24:47.0609 1468 Ptilink - ok
    18:24:47.0640 1468 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    18:24:47.0640 1468 PxHelp20 - ok
    18:24:47.0656 1468 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    18:24:47.0656 1468 ql1080 - ok
    18:24:47.0656 1468 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    18:24:47.0671 1468 Ql10wnt - ok
    18:24:47.0671 1468 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    18:24:47.0671 1468 ql12160 - ok
    18:24:47.0687 1468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    18:24:47.0687 1468 ql1240 - ok
    18:24:47.0687 1468 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    18:24:47.0687 1468 ql1280 - ok
    18:24:47.0734 1468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:24:47.0734 1468 RasAcd - ok
    18:24:47.0734 1468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:24:47.0750 1468 Rasl2tp - ok
    18:24:47.0750 1468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:24:47.0750 1468 RasPppoe - ok
    18:24:47.0765 1468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:24:47.0765 1468 Raspti - ok
    18:24:47.0781 1468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:24:47.0781 1468 Rdbss - ok
    18:24:47.0796 1468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:24:47.0796 1468 RDPCDD - ok
    18:24:47.0812 1468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:24:47.0812 1468 rdpdr - ok
    18:24:47.0859 1468 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:24:47.0859 1468 RDPWD - ok
    18:24:47.0875 1468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:24:47.0875 1468 redbook - ok
    18:24:47.0937 1468 RxFilter (9edbcb3604d381505e5b80f68a84bd58) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
    18:24:47.0937 1468 RxFilter - ok
    18:24:47.0984 1468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:24:47.0984 1468 Secdrv - ok
    18:24:48.0015 1468 Sentinel (618a8eb6c3a830b7301df1dfd99854b2) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
    18:24:48.0031 1468 Sentinel - ok
    18:24:48.0046 1468 Ser2pl (c6bb9aadb4b1736c2e0b6c29b44f3890) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
    18:24:48.0078 1468 Ser2pl - ok
    18:24:48.0078 1468 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:24:48.0093 1468 serenum - ok
    18:24:48.0093 1468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    18:24:48.0093 1468 Serial - ok
    18:24:48.0140 1468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:24:48.0140 1468 Sfloppy - ok
    18:24:48.0140 1468 Simbad - ok
    18:24:48.0203 1468 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    18:24:48.0203 1468 sisagp - ok
    18:24:48.0250 1468 SNTNLUSB (8d4a96868ae13c3cf8425b383b59d802) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
    18:24:48.0265 1468 SNTNLUSB - ok
    18:24:48.0265 1468 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    18:24:48.0265 1468 Sparrow - ok
    18:24:48.0296 1468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:24:48.0296 1468 splitter - ok
    18:24:48.0328 1468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:24:48.0328 1468 sr - ok
    18:24:48.0359 1468 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:24:48.0375 1468 Srv - ok
    18:24:48.0406 1468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:24:48.0406 1468 swenum - ok
    18:24:48.0421 1468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:24:48.0421 1468 swmidi - ok
    18:24:48.0437 1468 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    18:24:48.0437 1468 symc810 - ok
    18:24:48.0468 1468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    18:24:48.0468 1468 symc8xx - ok
    18:24:48.0500 1468 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    18:24:48.0500 1468 sym_hi - ok
    18:24:48.0500 1468 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    18:24:48.0500 1468 sym_u3 - ok
    18:24:48.0546 1468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:24:48.0546 1468 sysaudio - ok
    18:24:48.0609 1468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:24:48.0609 1468 Tcpip - ok
    18:24:48.0640 1468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:24:48.0640 1468 TDPIPE - ok
    18:24:48.0640 1468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:24:48.0640 1468 TDTCP - ok
    18:24:48.0671 1468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:24:48.0671 1468 TermDD - ok
    18:24:48.0734 1468 tmactmon (7131c804d8847b695125bb8d91d64ee0) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
    18:24:48.0750 1468 tmactmon - ok
    18:24:48.0796 1468 tmcomm (09f386a6ec8d6c37bfa0d5394cb186c1) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
    18:24:48.0796 1468 tmcomm - ok
    18:24:48.0812 1468 tmevtmgr (c75310cbd1bccf3469c834143bc2390c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
    18:24:48.0828 1468 tmevtmgr - ok
    18:24:48.0843 1468 tmtdi (69bf24e2871088115f422d6c7f41c400) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
    18:24:48.0859 1468 tmtdi - ok
    18:24:48.0906 1468 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    18:24:48.0906 1468 TosIde - ok
    18:24:48.0953 1468 TVicPort (3147063508eae931becc01573c204fac) C:\WINDOWS\system32\drivers\TVicPort.sys
    18:24:48.0968 1468 TVicPort - ok
    18:24:49.0000 1468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:24:49.0000 1468 Udfs - ok
    18:24:49.0015 1468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    18:24:49.0015 1468 ultra - ok
    18:24:49.0046 1468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:24:49.0062 1468 Update - ok
    18:24:49.0109 1468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:24:49.0109 1468 usbccgp - ok
    18:24:49.0125 1468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:24:49.0125 1468 usbehci - ok
    18:24:49.0140 1468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:24:49.0140 1468 usbhub - ok
    18:24:49.0156 1468 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    18:24:49.0156 1468 usbohci - ok
    18:24:49.0187 1468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:24:49.0187 1468 usbscan - ok
    18:24:49.0203 1468 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
    18:24:49.0203 1468 usbser - ok
    18:24:49.0218 1468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:24:49.0218 1468 USBSTOR - ok
    18:24:49.0234 1468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:24:49.0234 1468 VgaSave - ok
    18:24:49.0265 1468 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    18:24:49.0265 1468 viaagp - ok
    18:24:49.0296 1468 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    18:24:49.0296 1468 ViaIde - ok
    18:24:49.0312 1468 VICHW11 (316229487bcd5dca88b1ad04faa861a2) C:\WINDOWS\system32\drivers\VICHW11.sys
    18:24:49.0328 1468 VICHW11 - ok
    18:24:49.0343 1468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:24:49.0343 1468 VolSnap - ok
    18:24:49.0375 1468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:24:49.0375 1468 Wanarp - ok
    18:24:49.0437 1468 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    18:24:49.0437 1468 Wdf01000 - ok
    18:24:49.0453 1468 WDICA - ok
    18:24:49.0484 1468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:24:49.0484 1468 wdmaud - ok
    18:24:49.0515 1468 WinDriver6 (60c9339b020054ac604569ec7f4c995e) C:\WINDOWS\system32\drivers\windrvr6.sys
    18:24:49.0531 1468 WinDriver6 - ok
    18:24:49.0578 1468 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    18:24:49.0593 1468 WinUSB - ok
    18:24:49.0625 1468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:24:49.0625 1468 WudfPf - ok
    18:24:49.0640 1468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:24:49.0656 1468 WudfRd - ok
    18:24:49.0687 1468 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    18:24:49.0734 1468 \Device\Harddisk0\DR0 - ok
    18:24:49.0750 1468 Boot (0x1200) (0b9ef764468e4df45ff3efe2e9a5e3b4) \Device\Harddisk0\DR0\Partition0
    18:24:49.0750 1468 \Device\Harddisk0\DR0\Partition0 - ok
    18:24:49.0750 1468 Boot (0x1200) (e4ffc42de50b78bf76ffab496110ef8e) \Device\Harddisk0\DR0\Partition1
    18:24:49.0750 1468 \Device\Harddisk0\DR0\Partition1 - ok
    18:24:49.0750 1468 ============================================================
    18:24:49.0750 1468 Scan finished
    18:24:49.0750 1468 ============================================================
    18:24:49.0765 2592 Detected object count: 1
    18:24:49.0765 2592 Actual detected object count: 1
    18:25:01.0640 2592 Backup copy found, using it..
    18:25:01.0781 2592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
    18:25:02.0968 2592 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
    18:25:05.0375 2212 Deinitialize success
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    Thanks for your help so far. Looks like things are clearing up. I have to leave but I'm excited to get this cleared up tomorrow.

    Here is the combofix log.


    ComboFix 12-01-23.02 - Robin 01/24/2012 18:45:44.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1636 [GMT -5:00]
    Running from: c:\documents and settings\Robin.APPLIEDIN\Desktop\ComboFix\ComboFix.exe
    AV: Trend Micro Security Agent *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Robin.AI\WINDOWS
    c:\documents and settings\Robin.APPLIEDIN\WINDOWS
    c:\drivers\install.bat
    c:\windows\$NtUninstallKB64497$
    c:\windows\$NtUninstallKB64497$\1423501382
    c:\windows\$NtUninstallKB64497$\3980465840\@
    c:\windows\$NtUninstallKB64497$\3980465840\bckfg.tmp
    c:\windows\$NtUninstallKB64497$\3980465840\cfg.ini
    c:\windows\$NtUninstallKB64497$\3980465840\Desktop.ini
    c:\windows\$NtUninstallKB64497$\3980465840\keywords
    c:\windows\$NtUninstallKB64497$\3980465840\kwrd.dll
    c:\windows\$NtUninstallKB64497$\3980465840\L\iiufwroj
    c:\windows\$NtUninstallKB64497$\3980465840\lsflt7.ver
    c:\windows\$NtUninstallKB64497$\3980465840\U\00000001.@
    c:\windows\$NtUninstallKB64497$\3980465840\U\00000002.@
    c:\windows\$NtUninstallKB64497$\3980465840\U\00000004.@
    c:\windows\$NtUninstallKB64497$\3980465840\U\80000000.@
    c:\windows\$NtUninstallKB64497$\3980465840\U\80000004.@
    c:\windows\$NtUninstallKB64497$\3980465840\U\80000032.@
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\nsprs.dll
    c:\windows\system32\serauth1.dll
    c:\windows\system32\serauth2.dll
    c:\windows\system32\ssprs.dll
    c:\windows\system32\win.ini
    c:\windows\WINPROD.DLL
    D:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-24 16:16 . 2012-01-24 16:16 -------- d-----w- c:\program files\CCleaner
    2012-01-23 22:24 . 2012-01-23 22:24 -------- d-----w- c:\documents and settings\Robin
    2012-01-23 22:20 . 2012-01-23 22:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ipswitch
    2012-01-23 18:24 . 2012-01-23 18:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-20 22:39 . 2012-01-20 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-20 22:39 . 2012-01-23 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-20 22:39 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-20 16:17 . 2012-01-20 16:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2012-01-20 15:34 . 2012-01-23 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2012-01-19 21:57 . 2012-01-24 15:55 11264 ----a-w- c:\windows\DCEBoot.exe
    2012-01-19 19:13 . 2012-01-19 19:13 -------- d-----w- c:\program files\Common Files\Java
    2012-01-19 19:12 . 2011-11-10 10:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2012-01-19 19:06 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-19 19:06 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-19 19:06 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-19 19:06 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-13 15:33 . 2012-01-23 23:04 -------- d-----w- C:\FlashUpdate
    2012-01-12 23:43 . 2007-04-27 12:40 35328 ----a-w- c:\windows\system32\drivers\SNTNLUSB.SYS
    2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-24 23:26 . 2008-04-26 00:05 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-12-05 21:26 . 2011-12-05 21:26 14208 ----a-w- c:\windows\system32\drivers\jlink.sys
    2011-11-25 21:57 . 2008-04-26 00:05 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2008-04-26 00:05 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-21 15:25 . 2011-06-09 16:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-18 12:35 . 2008-04-26 00:05 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-10 10:54 . 2010-05-13 13:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 08:27 . 2009-12-29 20:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20 . 2008-04-26 00:05 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2008-04-26 00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2008-04-26 00:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2008-04-26 00:05 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2008-04-26 00:05 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28 . 2008-04-26 00:05 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2008-04-26 00:05 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2008-04-26 00:05 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-21 07:24 . 2011-12-05 19:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-26 121064]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 21:20 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-02-28 20:15 136176 ----atw- c:\documents and settings\Robin.AI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-06-10 12:29 1657376 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-12-30 19:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-06-20 14:37 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Freescale\\CodeWarrior for Microcontrollers V6.2\\prog\\hiwave.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\pemicro\\cyclone_pro\\CreateImage.exe"=
    "c:\\pemicro\\cyclone_pro\\csaphcs08z.exe"=
    .
    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [4/28/2008 1:05 PM 120832]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/17/2011 5:07 PM 196320]
    R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [6/15/2006 9:45 AM 191488]
    R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [10/16/2009 4:28 PM 28080]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/17/2011 5:08 PM 65296]
    R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [10/16/2009 4:28 PM 9984]
    R3 Dta1xx;Dta1xx;c:\windows\system32\drivers\Dta1xx.sys [5/20/2010 1:07 PM 103448]
    R3 MCHPUSB;MCHPUSB;c:\windows\system32\drivers\mchpusb.sys [9/3/2009 9:47 AM 61440]
    R3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys [3/27/2006 1:46 AM 105472]
    S1 CEC488;CEC488;c:\windows\system32\drivers\CEC488.sys [6/15/2006 9:33 AM 11264]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2/12/2008 9:12 PM 76272]
    S3 DirectIO;DirectIO;c:\windows\system32\drivers\DirectIO.sys [12/15/2008 12:04 PM 3408]
    S3 GP8PSK;Genpix USB Driver (3.4.0.110);c:\windows\system32\drivers\genpix.sys [8/9/2011 11:25 AM 38400]
    S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [12/5/2011 4:26 PM 14208]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [7/18/2008 7:43 AM 1120752]
    S3 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [7/18/2008 7:43 AM 166384]
    S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [7/18/2008 7:43 AM 309744]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NIPALK
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-05 c:\windows\Tasks\AdobeARM.job
    - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 07:37]
    .
    2012-01-05 c:\windows\Tasks\GoogleUpdate.job
    - c:\documents and settings\Robin.AI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-28 20:15]
    .
    2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839355074-3754453157-3932891548-1112Core.job
    - c:\documents and settings\Robin.AI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-28 20:15]
    .
    2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839355074-3754453157-3932891548-1112UA.job
    - c:\documents and settings\Robin.AI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-28 20:15]
    .
    2012-01-05 c:\windows\Tasks\jucheck.job
    - c:\program files\Common Files\Java\Java Update\jucheck.exe [2011-06-09 18:06]
    .
    2012-01-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2839355074-3754453157-3932891548-1112.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2839355074-3754453157-3932891548-1112.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
    DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://serverpdc:4343/SMB/console/html/root/AtxEnc.cab
    FF - ProfilePath - c:\documents and settings\Robin.APPLIEDIN\Application Data\Mozilla\Firefox\Profiles\thh1rt9x.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-33671359.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-24 19:02
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(1932)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Java\jre6\bin\jqs.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-24 19:09:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-25 00:08
    .
    Pre-Run: 112,315,723,776 bytes free
    Post-Run: 112,726,069,248 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
    .
    - - End Of File - - FBADF2415EF0981223AF97B6BDEE5DCE
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    My computer seems to be running much better. The web page redirecting is seems to be taken care of.

    However, Trend Micro is still popping up a message that it is blocking Restriced URLs when browing the web. It listed 4 blocked URLs when opening the TechSpot site. It listed them as "Made for AdSense sites."


    OTL log part 1:


    OTL logfile created on: 1/25/2012 10:24:50 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robin.APPLIEDIN\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 72.80% Memory free
    3.78 Gb Paging File | 3.40 Gb Available in Paging File | 89.94% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 129.05 Gb Total Space | 104.96 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
    Drive D: | 20.00 Gb Total Space | 16.12 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
    Drive F: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
    Drive J: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
    Drive L: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
    Drive M: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
    Drive N: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
    Drive V: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
    Drive W: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS

    Computer Name: ENG2 | User Name: Robin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/25 10:15:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\OTL.exe
    PRC - [2011/03/30 01:51:30 | 000,681,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
    PRC - [2011/03/26 08:07:32 | 001,076,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    PRC - [2011/03/26 08:04:38 | 000,121,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    PRC - [2011/01/21 14:11:54 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    PRC - [2010/10/28 18:02:02 | 000,056,952 | ---- | M] (Ipswitch) -- C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
    PRC - [2010/10/21 06:03:32 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/30 01:42:36 | 000,233,472 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\libTmHttpServer.dll
    MOD - [2011/03/30 01:42:36 | 000,126,976 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\libTmHttpClient.dll
    MOD - [2011/01/04 00:53:54 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\boost_date_time-vc80-mt-1_36.dll
    MOD - [2011/01/04 00:53:54 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\boost_thread-vc80-mt-1_36.dll
    MOD - [2011/01/04 00:53:26 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
    MOD - [2011/01/04 00:53:26 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
    MOD - [2011/01/04 00:53:26 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
    MOD - [2011/01/04 00:53:26 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
    MOD - [2010/12/24 22:03:24 | 000,174,432 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
    MOD - [2010/10/28 17:55:42 | 006,551,672 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\res0409.dll
    MOD - [2010/10/28 17:52:36 | 000,948,496 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\libeay32.dll
    MOD - [2010/10/28 17:52:36 | 000,153,360 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\ssleay32.dll
    MOD - [2009/06/10 07:29:34 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/30 01:51:30 | 000,681,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (TmListen)
    SRV - [2011/01/21 14:11:54 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
    SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2008/07/18 07:43:38 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
    SRV - [2008/07/18 07:43:32 | 000,166,384 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
    SRV - [2008/07/18 07:43:02 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2008/02/12 21:12:16 | 000,076,272 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/05 16:26:51 | 000,014,208 | ---- | M] (SEGGER Microcontroller Systeme GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jlink.sys -- (jlink)
    DRV - [2011/09/26 17:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2011/08/09 11:54:36 | 000,038,400 | ---- | M] (Genpix Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\genpix.sys -- (GP8PSK) Genpix USB Driver (3.4.0.110)
    DRV - [2011/02/28 13:37:22 | 000,103,448 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dta1xx.sys -- (Dta1xx)
    DRV - [2011/02/25 17:10:00 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2011/02/25 17:09:00 | 000,190,736 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2011/02/25 17:09:00 | 000,065,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/11/08 11:38:56 | 000,199,912 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2010/10/01 02:59:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2009/10/22 10:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2009/10/22 10:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2009/10/16 16:28:24 | 000,009,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vichw11.sys -- (VICHW11)
    DRV - [2009/10/16 16:28:14 | 000,028,080 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pedrv.sys -- (PEDRV)
    DRV - [2009/10/16 16:28:14 | 000,010,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GIVEIO.SYS -- (GIVEIO)
    DRV - [2009/01/06 19:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/12/15 12:04:16 | 000,003,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DirectIO.sys -- (DirectIO)
    DRV - [2008/07/18 09:11:40 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
    DRV - [2008/04/14 01:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2008/03/21 07:42:00 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2008/02/15 14:15:26 | 000,014,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/01/29 11:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/01/29 11:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/01/25 19:01:06 | 000,132,096 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2008/01/17 14:51:24 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
    DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/10/27 08:12:32 | 000,120,832 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys -- (ahcix86)
    DRV - [2006/10/12 19:21:04 | 000,020,512 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TVicPort.sys -- (TVicPort)
    DRV - [2006/06/15 09:45:26 | 000,191,488 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GpibPrtK.sys -- (GpibPrtK)
    DRV - [2006/06/15 09:33:54 | 000,011,264 | ---- | M] (Capital Equipment Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\CEC488.sys -- (CEC488)
    DRV - [2006/03/27 01:46:40 | 000,105,472 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nipalusb.sys -- (nipalusb)
    DRV - [2006/03/27 01:46:22 | 000,552,960 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)
    DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2004/11/22 06:03:56 | 000,061,440 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mchpusb.sys -- (MCHPUSB)
    DRV - [2004/10/05 10:48:06 | 000,042,752 | ---- | M] (Ranioshack Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8MC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
    IE - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\firefoxextension\ [2011/08/11 08:55:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/20 09:39:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension [2011/05/17 17:07:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/19 14:06:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/19 14:12:48 | 000,000,000 | ---D | M]

    [2012/01/23 17:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Mozilla\Extensions
    [2012/01/19 14:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/19 14:12:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/01/24 19:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2839355074-3754453157-3932891548-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://serverpdc:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://serverpdc:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259762057906 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259762048703 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} https://serverpdc:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = appliedin.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{640B1B98-63B5-4FA3-A1D3-72037481984A}: DhcpNameServer = 192.168.1.3 68.87.72.134 68.87.77.134
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFrameWork\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 19:16:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/25 10:15:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\OTL.exe
    [2012/01/24 18:38:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/01/24 18:35:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/24 18:35:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/24 18:35:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/24 18:35:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/24 18:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/01/24 18:35:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/24 18:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\ComboFix
    [2012/01/24 18:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\TDS
    [2012/01/24 16:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\BKR
    [2012/01/24 16:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\aswMBR
    [2012/01/24 16:12:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2012/01/24 16:12:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2012/01/24 16:12:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2012/01/24 15:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Temp
    [2012/01/24 14:35:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Recent
    [2012/01/24 12:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\IAR Embedded Workbench
    [2012/01/24 12:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\DDS sUBs
    [2012/01/24 12:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\GMER
    [2012/01/24 12:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Sun
    [2012/01/24 11:37:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/01/24 11:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
    [2012/01/24 11:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2012/01/24 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/01/24 11:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Reg Backup
    [2012/01/23 18:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Malwarebytes
    [2012/01/23 18:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Plugins
    [2012/01/23 18:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Processor Expert Projects
    [2012/01/23 18:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Processor Expert
    [2012/01/23 18:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Metrowerks
    [2012/01/23 17:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Mozilla
    [2012/01/23 17:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Mozilla
    [2012/01/23 17:52:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\IECompatCache
    [2012/01/23 17:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Adobe
    [2012/01/23 17:47:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\PrivacIE
    [2012/01/23 17:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\workspace
    [2012/01/23 17:38:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Administrative Tools
    [2012/01/23 17:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Visual Studio 2008
    [2012/01/23 17:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\QBridge Control Center
    [2012/01/23 17:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Downloads
    [2012/01/23 17:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\AirTalk
    [2012/01/23 17:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\AirTunerV004
    [2012/01/23 17:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Cal
    [2012/01/23 17:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\FlexBoot
    [2012/01/23 17:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\FlexisV121
    [2012/01/23 17:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\My Projects
    [2012/01/23 17:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Off Air
    [2012/01/23 17:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\TunerTalkV110
    [2012/01/23 17:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\AppVerifierLogs
    [2012/01/23 17:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Ipswitch
    [2012/01/23 17:32:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft
    [2012/01/23 17:32:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\SendTo
    [2012/01/23 17:32:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data
    [2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Startup
    [2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu
    [2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\My Videos
    [2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\My Pictures
    [2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\My Music
    [2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents
    [2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Favorites
    [2012/01/23 17:32:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Accessories
    [2012/01/23 17:32:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\UserData
    [2012/01/23 17:32:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\IETldCache
    [2012/01/23 17:32:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Cookies
    [2012/01/23 17:32:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Templates
    [2012/01/23 17:32:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\PrintHood
    [2012/01/23 17:32:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\NetHood
    [2012/01/23 17:32:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Small Business Accounting
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Seven Zip
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Microsoft Help
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Microsoft
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Macromedia
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Identities
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\ApplicationHistory
    [2012/01/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Application Data\Adobe
    [2012/01/20 17:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/20 17:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/01/20 17:39:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/20 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/20 17:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/01/20 17:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/01/20 10:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2012/01/19 14:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/01/13 10:33:07 | 000,000,000 | ---D | C] -- C:\FlashUpdate
    [2012/01/12 18:43:10 | 000,035,328 | ---- | C] (SafeNet, Inc.) -- C:\WINDOWS\System32\drivers\SNTNLUSB.SYS
    [2009/09/21 11:44:01 | 000,030,208 | ---- | C] ( ) -- C:\WINDOWS\System32\RC00C150.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/25 10:15:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\OTL.exe
    [2012/01/25 10:09:12 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2012/01/25 10:09:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/25 10:09:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2839355074-3754453157-3932891548-1112.job
    [2012/01/25 10:08:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
    [2012/01/25 10:08:44 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
    [2012/01/25 10:08:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/24 19:01:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/24 18:38:29 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2012/01/24 14:53:56 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/01/24 12:31:15 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
    [2012/01/24 12:31:14 | 000,000,355 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
    [2012/01/24 12:31:14 | 000,000,017 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
    [2012/01/24 11:34:51 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2012/01/24 10:55:10 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
    [2012/01/23 18:03:21 | 000,017,950 | ---- | M] () -- C:\WINDOWS\mcutools.ini
    [2012/01/23 17:48:35 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2839355074-3754453157-3932891548-1112.job
    [2012/01/23 17:44:59 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/01/23 17:32:16 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/20 16:21:49 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
    [2012/01/18 15:12:26 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2012/01/13 10:30:30 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\FlashUpdate Local.lnk
    [2012/01/12 15:51:36 | 000,539,132 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/12 15:51:36 | 000,108,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/05 10:45:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdate.job
    [2012/01/05 10:33:43 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\AdobeARM.job
    [2012/01/05 10:25:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/24 18:38:29 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2012/01/24 18:38:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/01/24 18:35:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/24 18:35:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/24 18:35:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/24 18:35:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/24 18:35:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/24 14:53:56 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/01/23 17:44:59 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/01/23 17:38:46 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\SWWATER.INI
    [2012/01/23 17:38:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\My Documents\Default.rdp
    [2012/01/23 17:33:34 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Internet.lnk
    [2012/01/23 17:33:34 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Shortcut to Data Center.exe.lnk
    [2012/01/23 17:33:34 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\Shortcut to TunerTalk.exe.lnk
    [2012/01/23 17:33:34 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\FlashUpdate Local.lnk
    [2012/01/23 17:32:13 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Windows Media Player.lnk
    [2012/01/23 17:32:06 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\CinePlayer.lnk
    [2012/01/23 17:32:06 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/23 17:32:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/01/23 17:32:05 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Remote Assistance.lnk
    [2012/01/23 17:32:05 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Internet Explorer.lnk
    [2012/01/23 17:32:05 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Robin.APPLIEDIN\Start Menu\Programs\Outlook Express.lnk
    [2012/01/20 16:21:49 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
    [2012/01/20 16:21:48 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3846529457-2878959542-3224240428-1008.job
    [2012/01/19 16:57:12 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
    [2012/01/18 15:12:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/12/02 12:49:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2011/12/02 12:33:04 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2011/12/02 12:33:04 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2011/08/09 13:03:03 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
    [2011/04/06 08:42:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/10 17:56:27 | 000,252,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/01/18 14:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2010/08/16 16:04:25 | 000,018,159 | ---- | C] () -- C:\WINDOWS\cfgall.ini
    [2010/07/27 10:29:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2010/06/02 13:30:17 | 000,241,705 | ---- | C] () -- C:\WINDOWS\System32\gpib.dll
    [2010/06/02 13:29:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PORT32.DLL
    [2010/05/20 13:07:41 | 000,103,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\Dta1xx.sys
    [2010/05/20 13:07:09 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
    [2010/05/20 13:07:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
    [2009/11/23 09:34:08 | 000,344,124 | ---- | C] () -- C:\WINDOWS\System32\TPUSBUninstaller.exe
    [2009/10/16 16:28:24 | 000,009,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\vichw11.sys
    [2009/10/16 16:28:14 | 000,028,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\pedrv.sys
    [2009/10/16 16:28:14 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\GIVEIO.SYS
    [2009/10/16 16:27:28 | 000,434,352 | ---- | C] () -- C:\WINDOWS\System32\PEUSBWD2.DLL
    [2009/10/16 16:27:08 | 000,434,352 | ---- | C] () -- C:\WINDOWS\System32\PEUSBMGR.dll
    [2009/10/16 16:26:24 | 000,408,240 | ---- | C] () -- C:\WINDOWS\System32\peusba05.dll
    [2009/10/16 16:26:12 | 000,408,752 | ---- | C] () -- C:\WINDOWS\System32\peusba04.dll
    [2009/10/16 16:26:12 | 000,408,752 | ---- | C] () -- C:\WINDOWS\System32\peusba03.dll
    [2009/10/16 16:26:00 | 000,408,752 | ---- | C] () -- C:\WINDOWS\System32\peusba02.dll
    [2009/10/16 16:25:50 | 000,408,752 | ---- | C] () -- C:\WINDOWS\System32\peusba01.dll
    [2009/10/16 16:25:42 | 000,666,288 | ---- | C] () -- C:\WINDOWS\System32\pemicro_serialcm2.dll
    [2009/09/30 15:33:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\msds.dat
    [2009/09/21 11:44:01 | 000,000,077 | ---- | C] () -- C:\WINDOWS\ricdb.ini
    [2009/09/21 11:44:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
    [2009/09/02 12:03:00 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/09/01 07:08:32 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
    [2009/08/31 11:09:12 | 000,017,950 | ---- | C] () -- C:\WINDOWS\mcutools.ini
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/07/31 10:51:15 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2009/07/31 10:50:54 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\syx45326.dat
    [2009/07/31 09:19:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/07/31 06:54:36 | 000,003,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2009/06/10 07:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/06/10 07:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2009/06/10 07:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/06/10 07:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/06/10 07:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2009/06/10 07:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2009/06/10 07:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/12/15 12:04:16 | 000,003,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\DirectIO.sys
    [2008/07/17 09:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2008/04/25 21:01:09 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2008/04/25 19:19:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/25 19:14:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/25 19:11:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/25 19:06:01 | 000,000,507 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2008/04/25 19:05:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/25 19:05:53 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/25 19:05:53 | 000,539,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/25 19:05:53 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/25 19:05:53 | 000,108,756 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/25 19:05:53 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/25 19:05:53 | 000,005,559 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/25 19:05:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/04/25 19:05:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/25 19:05:52 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/25 19:05:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/25 19:05:49 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2006/06/15 09:43:26 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\gpib-vdd.dll
    [2006/06/15 09:37:18 | 000,008,561 | ---- | C] () -- C:\WINDOWS\System32\GPIB.INI
    [2006/06/15 09:33:56 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\CECVDD.DLL
    [2006/06/15 09:33:54 | 000,000,736 | ---- | C] () -- C:\WINDOWS\CEC488.INI
    [2006/03/27 01:46:24 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
    [2000/08/03 13:25:12 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\pedrv.sys
    [1996/05/29 16:20:04 | 000,035,072 | ---- | C] () -- C:\WINDOWS\System32\SENDKEY.DLL

    ========== LOP Check ==========

    [2009/09/02 07:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Processor Expert
    [2011/04/07 11:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2012/01/20 11:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2009/09/03 12:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    [2009/09/02 07:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Processor Expert
    [2009/07/31 07:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/08/16 12:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\.TotalPhase
    [2011/07/12 10:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\BigBrotherLite
    [2010/08/09 08:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\Broadcom Corporation
    [2011/04/07 11:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\DAEMON Tools Lite
    [2010/11/09 12:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\EDrawings
    [2011/12/02 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\IAR Embedded Workbench
    [2011/07/07 12:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\ieSpell
    [2009/09/02 07:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\Processor Expert
    [2009/09/30 15:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\RFlasher7
    [2009/09/30 15:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\Ride7
    [2011/02/03 12:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.AI\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2012/01/24 12:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\IAR Embedded Workbench
    [2012/01/23 18:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Processor Expert
    [2012/01/05 10:25:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job

    ========== Purity Check ==========
     
  11. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    OTL part 2:





    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/10/18 17:54:03 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2008/04/25 19:16:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/10/25 14:17:37 | 000,011,008 | ---- | M] () -- C:\bar.emf
    [2012/01/24 11:34:51 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2012/01/24 18:38:29 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/01/24 19:09:01 | 000,014,023 | ---- | M] () -- C:\ComboFix.txt
    [2008/04/25 19:16:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/04/25 19:16:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/04/25 19:16:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/01/25 10:08:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/20 13:01:02 | 000,000,852 | ---- | M] () -- C:\pedriver.txt
    [2010/02/25 14:16:56 | 000,376,136 | ---- | M] () -- C:\setup.log
    [2009/08/07 10:40:19 | 000,061,700 | ---- | M] () -- C:\SIGNED.TXT
    [2009/08/07 10:40:19 | 000,091,106 | ---- | M] () -- C:\SIGVERIF.TXT
    [2012/01/24 18:25:05 | 000,063,076 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_24.01.2012_18.24.36_log.txt
    [2009/08/07 10:40:19 | 000,000,172 | ---- | M] () -- C:\TOTALS.TXT
    [2009/08/07 10:40:19 | 000,029,408 | ---- | M] () -- C:\UNSCANNED.TXT
    [2009/08/07 10:39:53 | 000,000,002 | ---- | M] () -- C:\UNSIGNED.TXT

    < %systemroot%\Fonts\*.com >
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/04/25 19:16:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/07/03 10:54:12 | 000,091,648 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4sa.dll
    [2011/09/26 17:16:04 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/04/25 19:10:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2008/04/25 19:10:18 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2008/04/25 19:10:18 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/04/25 19:16:32 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/01/23 17:32:15 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/04/25 19:20:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/25 10:15:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin.APPLIEDIN\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2011/12/19 03:04:46 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/31 09:03:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/01 15:42:57 | 000,003,108 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/25 10:16:24 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Robin.APPLIEDIN\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 02:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 02:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 02:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 08:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 02:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 02:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 02:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 02:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 02:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 176 bytes -> C:\WINDOWS\System32\gpib.dll:SummaryInformation

    < End of report >
     
  12. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    Extras.txt log:

    OTL Extras logfile created on: 1/25/2012 10:24:50 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robin.APPLIEDIN\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 72.80% Memory free
    3.78 Gb Paging File | 3.40 Gb Available in Paging File | 89.94% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 129.05 Gb Total Space | 104.96 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
    Drive D: | 20.00 Gb Total Space | 16.12 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
    Drive F: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
    Drive J: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
    Drive L: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
    Drive M: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
    Drive N: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
    Drive V: | 97.66 Gb Total Space | 9.36 Gb Free Space | 9.58% Space Free | Partition Type: NTFS
    Drive W: | 382.14 Gb Total Space | 344.92 Gb Free Space | 90.26% Space Free | Partition Type: NTFS

    Computer Name: ENG2 | User Name: Robin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "28625:TCP" = 28625:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.2\prog\hiwave.exe" = C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.2\prog\hiwave.exe:*:Enabled:HIWAVE EXE -- (Freescale)
    "C:\pemicro\cyclone_pro\CreateImage.exe" = C:\pemicro\cyclone_pro\CreateImage.exe:*:Enabled:Cyclone Image Creation Utility -- (P&E Microcomputer Systems, Inc.)
    "C:\pemicro\cyclone_pro\csaphcs08z.exe" = C:\pemicro\cyclone_pro\csaphcs08z.exe:*:Enabled:csaphcs08z -- (P&E Microcomputer Systems, Inc.)
    "C:\Program Files\COOL.STF\TSReaderLite\TSReaderLite.exe" = C:\Program Files\COOL.STF\TSReaderLite\TSReaderLite.exe:*:Enabled:TSReader -- (COOLSTF.com Inc.)
    "C:\Program Files\Freescale10.1\CW MCU v10.1\eclipse\cwide.exe" = C:\Program Files\Freescale10.1\CW MCU v10.1\eclipse\cwide.exe:*:Enabled:cwide
    "C:\Program Files\Freescale10.1\CW MCU v10.1\analysis\1.1.0\lib\host\vendor\win\python-2.5\python.exe" = C:\Program Files\Freescale10.1\CW MCU v10.1\analysis\1.1.0\lib\host\vendor\win\python-2.5\python.exe:*:Enabled:python
    "C:\Program Files\Freescale10.1\CW MCU v10.1\MCU\ccs\bin\ccs.exe" = C:\Program Files\Freescale10.1\CW MCU v10.1\MCU\ccs\bin\ccs.exe:*:Enabled:CodeWarrior Connection Server
    "C:\Program Files\Freescale10.1\CW MCU v10.1\MCU\bin\DE.exe" = C:\Program Files\Freescale10.1\CW MCU v10.1\MCU\bin\DE.exe:*:Enabled:Integrated Development Environment
    "C:\pemicro\cyclone_pro\ManageImages.exe" = C:\pemicro\cyclone_pro\ManageImages.exe:*:Enabled:Cyclone Image Creation Utility -- (P&E Microcomputer Systems, Inc.)
    "C:\pemicro\cyclone_pro\ConfigureIP.exe" = C:\pemicro\cyclone_pro\ConfigureIP.exe:*:Enabled:Cyclone Image Creation Utility -- (P&E Microcomputer Systems, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.2\prog\hiwave.exe" = C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.2\prog\hiwave.exe:*:Enabled:HIWAVE EXE -- (Freescale)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\pemicro\cyclone_pro\CreateImage.exe" = C:\pemicro\cyclone_pro\CreateImage.exe:*:Enabled:Cyclone Image Creation Utility -- (P&E Microcomputer Systems, Inc.)
    "C:\pemicro\cyclone_pro\csaphcs08z.exe" = C:\pemicro\cyclone_pro\csaphcs08z.exe:*:Enabled:csaphcs08z -- (P&E Microcomputer Systems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{047815FB-4E38-42D5-95CB-8A131DDD8668}" = Microsoft Windows Theme Nunavut
    "{0581DBCC-5B28-427B-B9F2-0C734E46D821}" = QBridge Control Center
    "{05DD8AEF-3113-42BD-B51D-842DB111123A}" = PEMICRO Demo QE Toolkit
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{0A07E717-BB5D-4B99-840B-6C5DED52B277}" = Trend Micro Worry-Free Business Security Agent
    "{109994A3-EB45-4EEB-9CAA-A7BCE33D72A9}" = P&E Cyclone Pro Programmer
    "{11743911-C752-4DA3-B00A-532A57CA6C9B}" = StreamXpress Stream Player (DTC-300)
    "{17EB55C4-8FC3-4D38-891C-640A0F2BEA7C}" = GPIB-488 version 2.0
    "{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 30
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B0DCF16-FB6A-4A1D-993B-448245A71CE0}" = Broadband Studio 3 - Bcm94506
    "{404C18ED-873A-4191-BA03-30F627445418}" = Sentinel Protection Installer 7.3.0
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator XE
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{67CA389E-E759-4181-99FA-CD8B63853FB1}" = Roxio Creator XE
    "{6DBBB19F-9526-4F90-99C6-E95D486651E7}" = Broadband Studio 3
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{85904389-B6A2-49A4-8FD1-E78B56840BC9}" = Broadband Studio 2
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISSTDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISSTDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISSTDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISSTDR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
    "{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9ED71778-0E56-4760-9FC6-2C29D75100C5}" = Radioshack USB-to-Serial cable
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A350A8B9-1705-450E-B771-12E7D3AF84B1}" = TunerTalk
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A58F2B4A-ABAC-479E-83CE-F3AF284C9737}" = Sentinel System Driver Installer 7.4.2
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D03AFE2C-404B-4B52-86A5-49DB8774573E}" = CodeWarrior Development Studio for Microcontrollers V6.2
    "{DE187714-9BAB-4767-8431-286BE54A685F}" = IAR Embedded Workbench for ARM 5.40
    "{E2C689A9-1B68-4144-9D84-735A7F4F419E}" = P&E Device Drivers
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = UC-232A USB-to-Serial
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F434F50E-7614-3EA8-9008-2FB866B697DA}" = Microsoft Visual Studio 2008 Standard Edition - ENU
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE4C533F-7B0C-4B6F-A1C3-B4449B02D5B8}" = Broadband Studio 2 Bcm94506 PlugIn
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
    "5007 Config Mgr - Admin Version" = Valon Technology, LLC 5007 Config Mgr - Admin Version 1.2.4
    "88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
    "ABA711DD50380EF91CB183F7CCDF6FFF13A3A738" = Windows Driver Package - Segger (jlink) USB (01/09/2007 2.6.5.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AE3DA7FEC22E9FC9FE0453738A4DE2CDECE169F8" = Windows Driver Package - SofTec Microsystems (sft02) SofTecUSBDevices (02/07/2007 2.40.0.0)
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CCleaner" = CCleaner
    "DVB Dream_is1" = DVB Dream version 1.5f
    "Hardlock Device Drivers" = Hardlock Device Drivers
    "IE4Dev" = Microsoft Script Debugger
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "MentorGraphicsJI" = Mentor Graphics Products
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2008 Standard Edition - ENU" = Microsoft Visual Studio 2008 Standard Edition - ENU
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Rainbow Sentinel Driver" = Sentinel System Driver
    "RealPlayer 12.0" = RealPlayer
    "TotalPhase" = Total Phase USB Driver v2.01
    "TSReader Lite_is1" = TSReader Lite 2.8.46g
    "TVicPort 4.1 Free Personal Edition" = TVicPort 4.1 Free Personal Edition
    "VISSTDR" = Microsoft Office Visio Standard 2007
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 1.1.11
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wofie" = Trend Micro Worry-Free Business Security Agent
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/24/2012 7:26:34 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/24/2012 7:44:38 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/24/2012 7:44:39 PM | Computer Name = ENG2 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 1/24/2012 7:44:45 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/24/2012 8:01:17 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/24/2012 8:01:18 PM | Computer Name = ENG2 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 1/24/2012 8:01:24 PM | Computer Name = ENG2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/25/2012 11:08:41 AM | Computer Name = ENG2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 1/25/2012 11:08:42 AM | Computer Name = ENG2 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 1/25/2012 11:08:48 AM | Computer Name = ENG2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    [ OSession Events ]
    Error - 9/21/2009 1:05:41 PM | Computer Name = YOUR-9F2E7EB032 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 982
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/23/2012 2:03:21 PM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3

    Error - 1/23/2012 10:46:03 PM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 1/24/2012 2:02:03 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 1/24/2012 3:02:42 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 1/24/2012 6:02:00 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 1/24/2012 8:02:01 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 1/24/2012 11:01:26 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 1/24/2012 2:01:21 PM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 1/25/2012 11:08:41 AM | Computer Name = ENG2 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain APPLIEDIN due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 1/25/2012 11:10:14 AM | Computer Name = ENG2 | Source = Service Control Manager | ID = 7000
    Description = The LogMeIn Kernel Information Provider service failed to start due
    to the following error: %%3


    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    It looks like Trend is a bit too sensitive.
    I wouldn't worry about those.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 176 bytes -> C:\WINDOWS\System32\gpib.dll:SummaryInformation
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    Here is the OTL log.

    The Security Check link is blocked by my antivirus. It has a different (more serious looking) message than what I had mentioned before. It says that it blocked the page because it was a known malicious URL. Can you verify that the link is ok before I bypass my antivirus to open it? I will wait for your instruction before completing the rest of the scans.

    ==================================================

    OTL:


    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\WINDOWS\System32\gpib.dll:SummaryInformation deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: administrator.APPLIEDIN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98508 bytes
    ->Flash cache emptied: 56468 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 1130 bytes

    User: Robin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Robin.AI
    ->Temp folder emptied: 25138724 bytes
    ->Temporary Internet Files folder emptied: 234980 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 45489527 bytes
    ->Flash cache emptied: 0 bytes

    User: Robin.APPLIEDIN
    ->Temp folder emptied: 67612 bytes
    ->Temporary Internet Files folder emptied: 971469 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 11457262 bytes
    ->Flash cache emptied: 470 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 80.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: administrator.APPLIEDIN

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Robin

    User: Robin.AI
    ->Java cache emptied: 0 bytes

    User: Robin.APPLIEDIN
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: administrator.APPLIEDIN

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Robin
    ->Flash cache emptied: 0 bytes

    User: Robin.AI
    ->Flash cache emptied: 0 bytes

    User: Robin.APPLIEDIN
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01252012_183646

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat not found!

    Registry entries deleted on Reboot...
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yes. Another nonsense from TM.
     
  16. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    Ok. Ran it. I will run the other checks now.

    Security Check Results:

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Trend Micro Worry-Free Business Security Agent
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CCleaner
    Java(TM) 6 Update 30
    Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
    Adobe Reader X (10.1.2)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Trend Micro UniClient UiFrmWrk uiWatchDog.exe
    ``````````End of Log````````````
     
  17. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    By the way, my computer seems to be running great right now! Thanks!



    FSS:


    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Robin (administrator) on 26-01-2012 at 12:13:38
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0700000004000000010000000200000003000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
     
  18. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    ESET scanner has an option checked to Remove Found Threats. Should I leave this checked before clicking scan?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yes................
     
  20. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    ESET Online Scanner reported no threats found. WooHoo!

    Eset has an option to uninstall on close on the screen that is up. I will leave it open until further directions.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You can keep and use it in the future.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    =============================================================

    You have one registry key missing which affects Security Center functioning.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/



    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.
    Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip downloaded file.
    You'll find several files inside.
    Double-click legacy_wscsvc.reg and confirm the prompt.
    Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
    Restart computer.
    See if you can access Security Center.
    Post new FSS log.
     
  22. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    I am assuming you are refering to Windows Security Center. Yes, I can access it.

    Here is the log:


    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Robin (administrator) on 26-01-2012 at 14:15:48
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0700000004000000010000000200000003000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  24. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    Here is the OTL log. I will continue on with the rest of the steps you mentioned.


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: administrator.APPLIEDIN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Robin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Robin.AI
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Robin.APPLIEDIN
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 9729881 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5641227 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: administrator.APPLIEDIN

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Robin
    ->Flash cache emptied: 0 bytes

    User: Robin.AI
    ->Flash cache emptied: 0 bytes

    User: Robin.APPLIEDIN
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: administrator.APPLIEDIN

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Robin

    User: Robin.AI
    ->Java cache emptied: 0 bytes

    User: Robin.APPLIEDIN
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 01262012_143011

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Temporary Internet Files\Content.IE5\681NDWUA\topic176614-2[1].html moved successfully.
    C:\Documents and Settings\Robin.APPLIEDIN\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat not found!

    Registry entries deleted on Reboot...
     
  25. Nestle82

    Nestle82 TS Rookie Topic Starter Posts: 25

    All done. Computer is running great. Thanks for all your help Broni! Great Job!
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...