Solved System check after credit card fraud

Rwolf01

I recently made a donation for a walk-a-thon charity event that required me to type in my credit card # at their website. Within 2 days I got a string of bogus charges totalling hundreds of dollars. (some of which were to other apparently legitimate medical charities) Fortunately the VISA fraud squad spotted it and called me.

I contacted the charity and the person who sent me the donation request and they are both legitimate. (they said all the right things: denying knowing of any other victims, promising to look into it, etc.)

Just to be safe, I also want to check if my system has any sort of spyware that could have captured the credit card information as I typed it in.

I ran a full TrendMicro OfficeScan with the latest virus pattern files and it didn't find anything. I also ran scans with MalwareBytes, Adaware, GMER and DDS.
(log attached, but I noticed nothing odd)

Can you think of anything else I should do to check the system?

Thanks, in advance, for your thoughtful advice!

- Rwolf
============================
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8002

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/23/2011 12:41:20 AM
mbam-log-2011-10-23 (00-41-20).txt

Scan type: Quick scan
Objects scanned: 207498
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
==============================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-23 01:56:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 OCZ-VERT rev.2.11
Running: 0qfffwno(GMER).exe; Driver: C:\DOCUME~1\rwolf\LOCALS~1\Temp\kwrdrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0x9159B87E]
SSDT 8765B060 ZwCreateMutant
SSDT 876593C0 ZwCreateProcess
SSDT 87659680 ZwCreateProcessEx
SSDT 8765AD20 ZwCreateThread
SSDT 8765A440 ZwDeleteKey
SSDT 8765A700 ZwDeleteValueKey
SSDT 8765AEC0 ZwLoadDriver
SSDT 87659940 ZwOpenProcess
SSDT 8765B200 ZwSetSystemInformation
SSDT \SystemRoot\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0x9159BBFE]
SSDT 87659C00 ZwTerminateProcess
SSDT 8765AB80 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1856] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00F52BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1856] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00F52CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1856] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00F52CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5276] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File D:\orion\UI\CALIB\Debug\ALIGNMENT.obj 61502 bytes
File D:\orion\UI\CALIB\Debug\ALIGNMENT.sbr 1190365 bytes
File D:\orion\UI\CALIB\Debug\ALIGNMENTRECIPEDLG.obj 43926 bytes
File D:\orion\UI\CALIB\Debug\ALIGNMENTRECIPEDLG.sbr 1162576 bytes
File D:\orion\UI\CALIB\Debug\ANALOGCALIBRATION.obj 58923 bytes

<< snip: numerous files deleted to meet 50k char limit.>>

File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.cpp 0 bytes
File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.def 0 bytes
File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.dsp 0 bytes
File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.dsw 0 bytes
File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.h 0 bytes
File D:\orion\MEASURE\PSFStripDlg\PSFStripDlg.plg 0 bytes

---- EOF - GMER 1.0.15 ----
======================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by rwolf at 17:48:19 on 2011-10-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2426 [GMT -7:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {9618DB9B-667E-4F02-9A27-C9ECD7BA6961}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
svchost.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\nuggets(migrate-to-D-drive)\PureText\PureText.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFEA.EXE
C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
C:\Program Files\Scalable Software\Survey\SSI Survey Client\SurveyClientNT.EXE
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\dynamiclinkmanager.exe
C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\Adobe QT32 Server.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEBrowserHelperObject Class: {86ea4148-bee6-4cee-a72f-da27a5112bd1} - c:\windows\system32\SSIBrowserHook5.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [\\192.168.0.129\EPSON WF1100] c:\windows\system32\spool\drivers\w32x86\3\e_fatifea.exe /fu "c:\docume~1\rwolf\locals~1\temp\E_S122.tmp" /EF "HKCU"
uRun: [PureText] "c:\nuggets(migrate-to-d-drive)\puretext\PureText.exe"
uRun: [\\rwolf00\EPSON WF1100] c:\windows\system32\spool\drivers\w32x86\3\e_fatifea.exe /fu "c:\docume~1\rwolf\locals~1\temp\E_S11E.tmp" /EF "HKCU"
uRun: [CAHeadless] c:\program files\adobe\elements 10 organizer\caheadless\ElementsAutoAnalyzer.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "c:\documents and settings\all users\application data\bomgar-scc-4e4ac44e" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD299682678 /f
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
uPolicies-system: disablelockworkstation = 1 (0x1)
mPolicies-system: disablelockworkstation = 1 (0x1)
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: digikey.com\ordering
Trusted Zone: kla-tencor.com
Trusted Zone: kla-tencor.com
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285381672593
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285389881531
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{175E30C5-8C70-49C8-9A9C-2F57092E95E5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{43F498F0-46B3-47B1-A154-84CE36F1164B} : NameServer = 10.39.11.50,10.208.11.85
TCP: Interfaces\{56EB5E61-440E-47A0-AF68-4ADD7964AB14} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rwolf\application data\mozilla\firefox\profiles\xlw1tb4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-22 64512]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2010-9-24 17648]
R1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [2010-10-15 54048]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-8-18 59904]
R2 SSI Survey Client;SSI Survey Client;c:\program files\scalable software\survey\ssi survey client\surveyclientnt.exe [2010-12-11 90112]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-12-22 52304]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-5-2 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-5-2 36624]
R2 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-7-10 689416]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-11-15 592120]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-24 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-24 113664]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-24 168616]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2007-9-13 26137]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-24 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-24 235520]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2010-9-24 6650752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-9-13 157648]
S3 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [2010-11-17 724992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-2 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-2 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-2 121576]
S3 SSI Client Installer;SSI Client Installer;c:\windows\system32\SCInstallerNT.exe [2010-12-11 503808]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
.
=============== Created Last 30 ================
.
2011-10-23 06:23:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-23 05:33:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-23 05:30:19 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-23 05:30:14 -------- d-----w- c:\program files\Lavasoft
2011-10-05 18:07:57 -------- d-----w- c:\documents and settings\rwolf\application data\webex
2011-10-05 18:07:45 -------- d-----w- c:\program files\WebEx
2011-10-03 09:02:17 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-10-03 08:55:29 -------- d-----w- c:\program files\SmartSound Software
2011-10-03 08:55:22 -------- d-----w- c:\documents and settings\all users\application data\SmartSound Software Inc
.
==================== Find3M ====================
.
2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-29 01:05:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 23:50:59 660 ----a-r- C:\gtModLab.bat
.
============= FINISH: 17:48:46.28 ===============
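A practitioner reading a GMER log like the one above wants a quick way to separate hooks that belong to installed security software (or Microsoft's own modules) from hooks GMER could not attribute to any module. The following Python triage script is an added example for this thread; it is not part of the original post or of GMER itself. It parses the SSDT and "User code sections" lines, and the allow-list of vendors is an assumption for the example. The sample input mixes lines copied from the log above with one constructed line (marked as such in the code) that shows what an unattributed hook looks like.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER's own code).

Each SSDT or inline-hook line is sorted into one of three buckets:
  - attributed to an allow-listed vendor -> "expected" (security software, Microsoft)
  - attributed to some other module       -> "review"
  - no owning module printed at all       -> "review" (GMER could only print an address)
"""
import re
from collections import Counter

# Assumption for this example: vendors whose hooks are expected on a machine
# running Trend Micro, Lavasoft and Internet Explorer. Tune to the installed software.
KNOWN_VENDORS = {"Microsoft Corporation", "Lavasoft AB", "Trend Micro Inc."}

# "SSDT <module> (<desc>/<vendor>) <ZwFunc> [0x....]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^/]*)/(?P<vendor>[^)]*)\)"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
# "SSDT <8 hex digits> <ZwFunc>"  -- GMER found a hook but no owning module
SSDT_RAW_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
# ".text <process>[pid] <dll>!<api> <addr> <n> Bytes JMP <target> <module> (<desc>/<vendor>)"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<api>[\w.]+!\w+)\s+(?P<at>[0-9A-Fa-f]{8})"
    r"\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<module>\S+)"
    r"\s+\((?P<desc>[^/]*)/(?P<vendor>[^)]*)\)$"
)


def _verdict(kind, what, module, vendor):
    """Decide whether a hook owned by `module` / `vendor` is expected."""
    if vendor in KNOWN_VENDORS:
        return (kind, what, vendor, "expected")
    return (kind, what, vendor, f"review: hooked by {module}")


def classify(line):
    """Return (kind, what, vendor, verdict) for a hook line, or None for other lines."""
    line = line.strip()
    m = SSDT_RE.match(line)
    if m:
        return _verdict("ssdt", m["func"], m["module"], m["vendor"].strip())
    m = SSDT_RAW_RE.match(line)
    if m:
        return ("ssdt", m["func"], None, "review: no owning module")
    m = INLINE_RE.match(line)
    if m:
        what = f'{m["proc"]} {m["api"]}'
        return _verdict("inline", what, m["module"], m["vendor"].strip())
    return None  # headers, device lines, file lists: not hooks


def triage(log_text):
    """Classify every hook line in a GMER log; return (findings, bucket counts)."""
    findings = [c for c in (classify(l) for l in log_text.splitlines()) if c]
    summary = Counter(f[3].split(":")[0] for f in findings)
    return findings, summary


# Three lines copied from the log in this thread plus one CONSTRUCTED line
# (constructed_example.dll / "Example Publisher" do not exist on the machine).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0x9159B87E]
SSDT 8765B060 ZwCreateMutant
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!GetKeyState 7E4243BA 5 Bytes JMP 10001234 C:\WINDOWS\system32\constructed_example.dll (Example/Example Publisher)
AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
"""

if __name__ == "__main__":
    found, counts = triage(SAMPLE_LOG)
    for kind, what, vendor, verdict in found:
        print(f"{kind:7} {verdict:40} {what}")
    print(dict(counts))
```

Hooks in the "review" bucket are not a verdict of infection: GMER prints a bare address for some legitimate behaviour-monitoring drivers, so each one still needs to be matched against the installed security products (here, the Trend Micro behaviour monitor is the obvious candidate) before concluding anything.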
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Attach.txt part of DDS is missing so please provide that.

You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Trend Micro.
One of them has to go.
I suggest Lavasoft goes.

So far I don't see anything malicious.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni, nice to meet you!

I installed Ad-Aware to do a one-time scan. Didn't realize it was redundant with OfficeScan. It's gone now.

The attach.txt file is below. I will get to the requested scans within 48 hours.

Thanks for the help!
------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/24/2010 6:32:16 PM
System Uptime: 10/23/2011 2:10:02 AM (15 hours ago)
.
Motherboard: Dell Inc. | | 0667CC
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | CPU 1 | 2632/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 68.812 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 150.37 GiB free.
E: is Removable
R: is FIXED (NTFS) - 932 GiB total, 303.789 GiB free.
W: is NetworkDisk (NTFS) - 932 GiB total, 31.083 GiB free.
X: is NetworkDisk (NTFS) - 215 GiB total, 205.755 GiB free.
Y: is NetworkDisk (NTFS) - 244 GiB total, 219.299 GiB free.
Z: is NetworkDisk (NTFS) - 200 GiB total, 193.542 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\474FC0003658261
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\474FC0003658261
Service: NIC1394
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
AccelerometerP11
Ad-Aware
Adobe AIR
Adobe Common File Installer
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 10
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 10
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
CamStudio OSS Desktop Recorder
CCleaner
Cisco AnyConnect VPN Client
Cisco MeetingPlace for Outlook
Cisco Systems VPN Client 5.0.07.0290
Compatibility Pack for the 2007 Office system
Configuration Manager Client
Crystal XI
Deco Planner 3
Dell Touchpad
Elements 10 Organizer
ESET Online Scanner v3
FilterPro
Garmin City Navigator North America v8
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958244)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
IDT Audio
InstaCal and Universal Library for Windows
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 29
Kies mini
KLAAgent
M7800 DownLoader
Malwarebytes' Anti-Malware version 1.51.2.1300
MapSource
MapSource - WorldMap v3.02
MaX Compression Client
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 6.0 Professional Edition
MikroSpec 4.0 Professional
Mozilla Firefox (3.6.12)
MSDN Library - Visual Studio 6.0a
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Nortel VPN Client
OGA Notifier 2.0.0048.0
OLYMPUS Digital Camera Updater
OLYMPUS Master 2
OLYMPUS Raw Codec
OLYMPUS Viewer 2
Paint Shop Pro 7 Anniversary Edition
PDF4Free 2.0
PerformanceTest v7.0
PRE10STIInstaller
PSE10 STI Installer
PyScripter 2.4.1
Python 2.6 PyUSB-1.6
Python 2.6.5
QuickBooks Pro 99
QuickTime
RDC
Release OrCAD 16.2
Remote Administrator v2.2
RICOH Media Driver ver.2.11.01.02
RSA SecurID Token for Windows Desktops
SAMSUNG USB Driver for Mobile Phones
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartSound Common Data
SmartSound Premiere Elements 10 Plugin
SmartSound Sonicfire Pro 5
Sonic CinePlayer DVD Pack
TracerDAQ
Trend Micro OfficeScan Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V-Planner 3.89
WebEx
WebFldrs XP
WIMGAPI
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
10/21/2011 8:39:20 PM, error: Dhcp [1002] - The IP address lease 10.104.117.17 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/19/2011 4:44:52 PM, error: Dhcp [1002] - The IP address lease 10.104.112.198 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/19/2011 4:44:12 PM, error: System Error [1003] - Error code 00009088, parameter1 b9d87c1c, parameter2 b9d87c20, parameter3 b9d87c14, parameter4 b9d87c18.
10/19/2011 3:45:57 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/19/2011 3:45:55 PM, error: Dhcp [1002] - The IP address lease 10.35.244.88 for the Network Card with network address 0026B9D665F0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/19/2011 2:04:36 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
10/19/2011 2:03:46 PM, error: NETLOGON [5719] - No Domain Controller is available for domain KLASJ due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/19/2011 12:31:10 PM, error: Dhcp [1002] - The IP address lease 192.168.0.128 for the Network Card with network address 0026B9D665F0 has been denied by the DHCP server 10.208.10.252 (The DHCP Server sent a DHCPNACK message).
10/19/2011 12:01:02 AM, error: Dhcp [1002] - The IP address lease 10.104.115.189 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/19/2011 11:03:36 AM, error: Dhcp [1002] - The IP address lease 192.168.0.134 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
10/19/2011 10:44:23 AM, error: PlugPlayManager [12] - The device 'Disk drive' (IDE\DiskST31000528AS____________________________HP35____\4&325a58d2&0&0.2.0) disappeared from the system without first being prepared for removal.
10/18/2011 12:53:16 AM, error: Dhcp [1002] - The IP address lease 10.104.118.43 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/18/2011 1:50:38 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
10/17/2011 12:53:43 AM, error: Dhcp [1002] - The IP address lease 10.104.112.135 for the Network Card with network address 002314859EC8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/17/2011 1:18:52 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================
 
Hello again,

I ran aswMBR in safe mode, after letting it do the avast virus file updates. The UI was slightly different, but I just accepted the defaults and did a "quickscan". It has a new, very tempting-looking button called "FixMBR", but I left that alone...

The log file is:
=====================
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-25 01:50:44
-----------------------------
01:50:44.078 OS Version: Windows 5.1.2600 Service Pack 3
01:50:44.078 Number of processors: 4 586 0x2502
01:50:44.078 ComputerName: RWOLF01 UserName:
01:50:44.187 Initialize success
01:50:48.390 AVAST engine defs: 11102402
01:51:56.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:51:56.328 Disk 0 Vendor: OCZ-VERT 2.11 Size: 114473MB BusType: 8
01:51:56.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
01:51:56.406 Disk 1 Vendor: ST950056 SD23 Size: 476940MB BusType: 8
01:51:56.453 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2
01:51:56.500 Disk 2 Vendor: ST310005 HP35 Size: 953869MB BusType: 8
01:51:56.546 Disk 0 MBR read successfully
01:51:56.593 Disk 0 MBR scan
01:51:56.656 Disk 0 Windows XP default MBR code
01:51:56.703 Disk 0 scanning sectors +234436545
01:51:56.750 Disk 0 scanning C:\WINDOWS\system32\drivers
01:52:01.125 Service scanning
01:52:02.031 Modules scanning
01:52:03.750 Disk 0 trace - called modules:
01:52:03.890 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys hal.dll iaStor.sys
01:52:03.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0792e0]
01:52:04.078 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8b079020]
01:52:04.171 5 stdcfltn.sys[f78a888a] -> nt!IofCallDriver -> \Device\00000089[0x8b043a00]
01:52:04.265 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b02e028]
01:52:04.484 AVAST engine scan C:\WINDOWS
01:52:05.281 AVAST engine scan C:\WINDOWS\system32
01:52:55.312 AVAST engine scan C:\WINDOWS\system32\drivers
01:53:00.656 AVAST engine scan C:\Documents and Settings\Administrator
01:53:02.156 AVAST engine scan C:\Documents and Settings\All Users
01:54:51.890 Scan finished successfully
01:55:31.875 Disk 0 MBR has been saved successfully to "D:\nuggets\TechSpot\MBR.dat"
01:55:31.921 The log file has been saved successfully to "D:\nuggets\TechSpot\aswMBRlog10-25.txt"
=====================
I then ran ComboFix in safe mode with networking, so it could get the downloads it needed.
It ran mostly uneventfully, but there was a Windows box proclaiming an access violation in "rmbr.3ex" (this occurred roughly at the end of stage 1 of the scan). This didn't crash the program, though, and it completed some 40 other stages uneventfully.

The ComboFix log file is:

==============================

ComboFix 11-10-24.05 - Administrator 10/25/2011 2:11.2.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.3105 [GMT -7:00]
Running from: d:\nuggets\TechSpot\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {9618DB9B-667E-4F02-9A27-C9ECD7BA6961}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ralph Wolf\WINDOWS
c:\documents and settings\rwolf\Cookies\Index_3E227C64.dat
c:\documents and settings\rwolf\Cookies\IndexIE_3E227C64.dat
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 08:25 . 2011-10-25 08:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-10-23 05:33 . 2011-10-23 05:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-23 05:30 . 2011-10-24 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-10-18 23:56 . 2011-10-18 23:56 -------- d-----w- c:\program files\Common Files\Java
2011-10-05 18:07 . 2011-10-05 18:07 -------- d-----w- c:\documents and settings\rwolf\Application Data\webex
2011-10-05 18:07 . 2011-10-05 18:07 -------- d-----w- c:\program files\WebEx
2011-10-03 09:02 . 2011-10-03 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-03 08:55 . 2011-10-03 08:55 -------- d-----w- c:\program files\SmartSound Software
2011-10-03 08:55 . 2011-10-03 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 12:06 . 2010-11-17 09:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37 . 2010-11-17 09:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-29 01:05 . 2011-05-13 20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00 . 2011-03-24 14:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 23:51 . 2011-08-14 23:51 2003 ----a-r- C:\WriteStatus.bat
2011-08-14 23:51 . 2011-08-14 23:51 113664 ----a-r- C:\vercheck.exe
2011-08-14 23:51 . 2011-08-14 23:51 105984 ----a-r- C:\stm.exe
2011-08-14 23:51 . 2011-08-14 23:51 1680 ----a-r- C:\smsettings.bat
2011-08-14 23:51 . 2011-08-14 23:51 19682 ----a-r- C:\SmModels.bat
2011-08-14 23:51 . 2011-08-14 23:51 17768 ----a-r- C:\Sm_org.bat
2011-08-14 23:51 . 2011-08-14 23:51 19807 ----a-r- C:\Sm011707.bat
2011-08-14 23:51 . 2011-08-14 23:51 608 ----a-r- C:\SimpleBuild.bat
2011-08-14 23:51 . 2011-08-14 23:51 20429 ----a-r- C:\Sm.bat
2011-08-14 23:51 . 2011-08-14 23:51 128 ----a-r- C:\SetVCC.bat
2011-08-14 23:51 . 2011-08-14 23:51 628 ----a-r- C:\settings.bat
2011-08-14 23:51 . 2011-08-14 23:51 525 ----a-r- C:\setall.bat
2011-08-14 23:51 . 2011-08-14 23:51 287 ----a-r- C:\setlabel.bat
2011-08-14 23:51 . 2011-08-14 23:51 229439 ----a-r- C:\ReArrangeFiles.exe
2011-08-14 23:51 . 2011-08-14 23:51 452 ----a-r- C:\PSM.BAT
2011-08-14 23:51 . 2011-08-14 23:51 1465 ----a-r- C:\postBuild.bat
2011-08-14 23:51 . 2011-08-14 23:51 172089 ----a-r- C:\osversion.exe
2011-08-14 23:51 . 2011-08-14 23:51 58880 ----a-r- C:\makerpt.exe
2011-08-14 23:51 . 2011-08-14 23:51 54 ----a-r- C:\nmd.cmd
2011-08-14 23:51 . 2011-08-14 23:51 4561 ----a-r- C:\MakeLeafCode.bat
2011-08-14 23:51 . 2011-08-14 23:51 4311 ----a-r- C:\MakeLeafCode_add_iADC.bat
2011-08-14 23:51 . 2011-08-14 23:51 1293 ----a-r- C:\Makeone.bat
2011-08-14 23:51 . 2011-08-14 23:51 1434 ----a-r- C:\MakeJobManager.bat
2011-08-14 23:51 . 2011-08-14 23:51 36864 ----a-r- C:\ListViewer.exe
2011-08-14 23:51 . 2011-08-14 23:51 645 ----a-r- C:\LabAllGd.bat
2011-08-14 23:51 . 2011-08-14 23:51 337 ----a-r- C:\LabGood.bat
2011-08-14 23:51 . 2011-08-14 23:50 1762 ----a-r- C:\gtOneLab.bat
2011-08-14 23:50 . 2011-08-14 23:50 660 ----a-r- C:\gtModLab.bat
2011-08-14 23:50 . 2011-08-14 23:50 550 ----a-r- C:\gtModCur.bat
2011-08-14 23:50 . 2011-08-14 23:50 3656 ----a-r- C:\gtAllLab.bat
2011-08-14 23:50 . 2011-08-14 23:50 1764 ----a-r- C:\gtOneCur.bat
2011-08-14 23:50 . 2011-08-14 23:50 5871 ----a-r- C:\gtAllCur_withIC.bat
2011-08-14 23:50 . 2011-08-14 23:50 18472 ----a-r- C:\gtAllCur021407.bat
2011-08-14 23:50 . 2011-08-14 23:50 11940 ----a-r- C:\gtAllCur_old.bat
2011-08-14 23:50 . 2011-08-14 23:50 20566 ----a-r- C:\gtAllCur.bat
2011-08-14 23:50 . 2011-08-14 23:50 107520 ----a-r- C:\filePoller.exe
2011-08-14 23:50 . 2011-08-14 23:50 11111 ----a-r- C:\DELTREE.EXE
2011-08-14 23:50 . 2011-08-14 23:50 43008 ----a-r- C:\dbwrite.exe
2011-08-14 23:50 . 2011-08-14 23:50 105984 ----a-r- C:\ctm.exe
2011-08-14 23:50 . 2011-08-14 23:50 4521 ----a-r- C:\copyreg.bat
2011-08-14 23:50 . 2011-08-14 23:50 1428 ----a-r- C:\copyfile.bat
2011-08-14 23:50 . 2011-08-14 23:50 520 ----a-r- C:\convertAllModels.bat
2011-08-14 23:50 . 2011-08-14 23:50 25698 ----a-r- C:\Copy (2) of Build_63spack.bat
2011-08-14 23:50 . 2011-08-14 23:50 25333 ----a-r- C:\Copy of Build_63spack_non56.bat
2011-08-14 23:50 . 2011-08-14 23:50 467 ----a-r- C:\bumpver.bat
2011-08-14 23:50 . 2011-08-14 23:50 18432 ----a-r- C:\Bumpver.exe
2011-08-14 23:50 . 2011-08-14 23:50 176212 ----a-r- C:\Buildsp2_021407.exe
2011-08-14 23:50 . 2011-08-14 23:50 176212 ----a-r- C:\BuildSP2_010207.exe
2011-08-14 23:50 . 2011-08-14 23:50 176212 ----a-r- C:\Buildnew.exe
2011-08-14 23:50 . 2011-08-14 23:50 3372 ----a-r- C:\Builder.bat
2011-08-14 23:50 . 2011-08-14 23:50 24708 ----a-r- C:\Build_63spack_test.bat
2011-08-14 23:50 . 2011-08-14 23:50 23276 ----a-r- C:\Build_63spack_withIC.bat
2011-08-14 23:50 . 2011-08-14 23:50 21216 ----a-r- C:\Build_63spack_vss.bat
2011-08-14 23:50 . 2011-08-14 23:50 16664 ----a-r- C:\builddiag.bat
2011-08-14 23:50 . 2011-08-14 23:50 25523 ----a-r- C:\Build_63spack_non56.bat
2011-08-14 23:50 . 2011-08-14 23:50 24844 ----a-r- C:\Build_63spack_926.bat
2011-08-14 23:50 . 2011-08-14 23:50 24842 ----a-r- C:\Build_63spack_11152005.bat
2011-08-14 23:50 . 2011-08-14 23:50 24631 ----a-r- C:\Build_63spack_913.bat
2011-08-14 23:50 . 2011-08-14 23:50 23709 ----a-r- C:\Build_63spack_826.bat
2011-08-14 23:50 . 2011-08-14 23:50 25730 ----a-r- C:\Build_63spack_020106.bat
2011-08-14 23:50 . 2011-08-14 23:50 25687 ----a-r- C:\Build_63spack56_test.bat
2011-08-14 23:50 . 2011-08-14 23:50 25617 ----a-r- C:\Build_63spack56.bat
2011-08-14 23:50 . 2011-08-14 23:50 25186 ----a-r- C:\Build_63spack022406.bat
2011-08-14 23:50 . 2011-08-14 23:50 25186 ----a-r- C:\Build_63spack_01052006.bat
2011-08-14 23:50 . 2011-08-14 23:50 25682 ----a-r- C:\Build_63spack.bat
2011-08-14 23:50 . 2011-08-14 23:50 155706 ----a-r- C:\Build63SPack_56.exe
2011-08-14 23:50 . 2011-08-14 23:50 155700 ----a-r- C:\Build63spack.exe
2011-08-14 23:50 . 2011-08-14 23:50 176212 ----a-r- C:\Build.exe
2011-08-14 23:50 . 2011-08-14 23:50 532 ----a-r- C:\AutomateTest.bat
2011-08-14 23:50 . 2011-08-14 23:50 3356 ----a-r- C:\AITidlcompiler.bat
2011-08-14 23:50 . 2011-08-14 23:50 221 ----a-r- C:\autoinstall.bat
2011-08-14 23:50 . 2011-08-14 23:50 164 ----a-r- C:\autoinstalld.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-27 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-27 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-27 145432]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-07-20 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1206544]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-07-28 727664]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-02-06 849192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-19 495708]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD299682678"="rd" [X]
.
c:\documents and settings\Ralph Wolf\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-12-7 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablelockworkstation"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\Licensing\\LicenseClientConfiguration.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdnshelp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsinfo.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsmps.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsMsgServer.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsNameServer.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsOaPathUtil.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsRemote.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsRemshClient.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsRunHidden.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsServIpc.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsUnzip.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdswhich.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cdsZip.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cds_root.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\clsAdminTool.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\clsbd.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\clu.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\cmfeedback.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\consmgr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\dregprint.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\emsChecker.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\emsMkError.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\mpsinfo.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\msgHelp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\nmp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\nmppath.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\switchversion.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\van.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\bin\\versionviewer.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\capture.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\comp16.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\pcadi.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\pspiceexplorersrvr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\pstswp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\regsvr32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\sch2cap.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\capture\\tutorial\\Captutor.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\cdnshelp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\cdnshelpindexer.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\indexer.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\tagtest.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\topicgen.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\cdnshelp\\bin\\_cdnshelp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\dfII\\bin\\skill.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\dfII\\bin\\skill_g.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\bodygen.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\cpmaccess.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\libaccess.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\lrm.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\mkdefcfg.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\newgenasym.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\pcbCache.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\projmgr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\psetup.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\purge.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\QPSetup.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\rollback.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\UniversalBrowser.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\fet\\bin\\versiontool.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\java.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\javacpl.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\javaw.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\javaws.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\jucheck.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\jusched.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\keytool.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\kinit.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\klist.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\ktab.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\orbd.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\pack200.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\policytool.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\rmid.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\rmiregistry.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\servertool.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\tnameserv.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\jre\\bin\\unpack200.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\fvupdateutil.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\gcad.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\gcam.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\gcdin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\idfin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\ipc356.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\layout.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\libcat.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\lsession.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\max2hyp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxascb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxascx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxdxf.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxeco.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxfnetx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxminb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxminw.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxminx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxorcad.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxp99x.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxpadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxpadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxpcadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxpcadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxprotb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxprotx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxstrb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxstrx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxtangb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\maxtangx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\mfceco.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\orcadodb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\padb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\padx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\pcadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\pcadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\pcb2max.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\prcat.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\protb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\protx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\searchTool.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\setbrows.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\specin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\strb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\strx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tangb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tangx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\to386.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\toidf.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tomax.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tospec.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\update90.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\samples\\demo\\reset.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\sroute\\batch32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\sroute\\sroute.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\tutorial\\laytutor.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout\\vcadd\\vcadd32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\fvupdateutil.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\gcad.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\gcam.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\gcdin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\idfin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\ipc356.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\layout.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\libcat.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\lsession.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\max2hyp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxascb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxascx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxdxf.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxeco.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxfnetx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxminb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxminw.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxminx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxorcad.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxp99x.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxpadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxpadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxpcadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxpcadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxprotb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxprotx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxstrb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxstrx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxtangb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\maxtangx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\mfceco.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\orcadodb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\padb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\padx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\pcadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\pcadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\pcb2max.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\prcat.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\protb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\protx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\searchTool.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\setbrows.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\specin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\strb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\strx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tangb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tangx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\to386.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\toidf.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tomax.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tospec.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\update90.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\samples\\demo\\reset.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\sroute\\batch32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\sroute\\sroute.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\tutorial\\Laytutor.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_eng_ed\\vcadd\\vcadd32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\fvupdateutil.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\gcad.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\gcam.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\gcdin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\idfin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\ipc356.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\layout.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\libcat.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\lsession.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\max2hyp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxascb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxascx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxdxf.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxeco.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxfnetx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxminb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxminw.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxminx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxorcad.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxp99x.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxpadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxpadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxpcadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxpcadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxprotb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxprotx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxstrb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxstrx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxtangb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\maxtangx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\mfceco.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\orcadodb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\padb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\padx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\pcadb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\pcadx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\pcb2max.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\prcat.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\protb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\protx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\searchTool.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\setbrows.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\specin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\strb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\strx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tangb.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tangx.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\to386.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\toidf.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tomax.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tospec.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\update90.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\samples\\demo\\reset.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\sroute\\batch32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\sroute\\sroute.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\tutorial\\laytutor.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\layout_plus\\vcadd\\vcadd32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\a2dxf.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\allegro.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\allegro_batch.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\allegro_free_viewer.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\aprepmap.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\artwork.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ashowmap.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\batch_drc.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\bbvia.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\bem2d.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\brd2dml.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\convert_gerber.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\create_devices.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\create_sym.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbdoctor.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbdoctor14.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbdoctor15.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbdoctor_ui.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbfix11.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbfix12.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbfix13.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dbstat.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\db_change_type.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dfa_dlg.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dfa_update.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dml2brd.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dmlcheck.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dmlcrypt.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\downrev14.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\downrev_library.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\draw_check.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dump_libraries.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\dxf2a.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ems2d.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\enved.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\explot.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\extracta.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\fatten.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\flash_convert.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\fpbrowse.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\FSvia.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\FSviaSolver.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ftsmerge.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\gate_assign.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\gbplot.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\genfeedformat.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\genrad.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\gloss.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ibis2signoise.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ibischk3.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ibischk4.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\icmchk.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\idf_in.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\idf_out.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\iges_in.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\iges_out.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\il_allegro.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ipc356_out.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\j2script.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\l2a.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\lis2buf.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\mbs2lib.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\mcm_escapes.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\mergedml.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\mkdeviceindex.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\modelintegrity.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\modelsim.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ncroute.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\nctape.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\netin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\netrev.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pads_in.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pad_designer.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\parallel.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pcad_in.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pe_wordpad.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\placement.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\plctxt.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\pre_check.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\productServer.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\quad2signoise.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\qvupdate.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\refresh_padstack.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\refresh_symbol.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\refresh_vs.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\reftxt.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\report.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\signoise.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\sigwave.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\sigxp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\sigxsect.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\spc2dml.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\spc2spc.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\spif.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\spif_batch.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\swap.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\systemdump.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\sys_root.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\techfile.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\techfile13.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\techfile14.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\techfile15.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\tlsim.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\ts2dml.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\uprev.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\zrouter.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\perl5\\bin\\perl.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\perl5\\bin\\perlglob.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\perl5\\ntt\\cmd32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\appmgr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\IndiceFileGeneration.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\lxcwin.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\Magneticdesigner.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\modeled.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\MrkSrvr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\msgview.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\PDesign.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\psched.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\pspice.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\pspiceaa.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\PSpiceEnc.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\pspiceexplorersrvr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\psp_cmd.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\regsvr32.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\simmgr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\simsrvr.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pspice\\stmed.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\specctra\\bin\\mbs2sp.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\specctra\\bin\\sp2mbs.exe"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\specctra\\bin\\specctra.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\OrCAD\\OrCAD_16.2\\tools\\pcb\\bin\\aconvmap.exe"=
"c:\\Program Files\\Measurement Computing\\DAQ\\MccSkts.exe"=
"c:\\Program Files\\Nortel\\Nortel VPN Client\\Extranet.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Trend Micro\\OfficeScan Client\\ScanMailOutLook.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35205:TCP"= 35205:TCP:Trend Micro OfficeScan Listener
"3622:UDP"= 3622:UDP:Windows Media Format SDK (iexplore.exe)
"3623:UDP"= 3623:UDP:Windows Media Format SDK (iexplore.exe)
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [9/24/2010 7:23 PM 17648]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [8/18/2011 3:18 PM 59904]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [9/24/2010 7:23 PM 43888]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [9/24/2010 7:11 PM 168616]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [9/13/2007 9:52 AM 26137]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [9/24/2010 7:17 PM 6650752]
S1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [10/15/2010 12:27 AM 54048]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [9/1/2011 2:22 AM 169624]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2011 6:55 PM 136176]
S2 SSI Survey Client;SSI Survey Client;c:\program files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe [12/11/2010 12:19 AM 90112]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/22/2010 12:52 AM 52304]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [5/2/2008 4:22 PM 262416]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [5/2/2008 4:21 PM 36624]
S2 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [7/10/2008 6:46 PM 689416]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 1:32 PM 592120]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/24/2010 7:06 PM 113664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2011 6:55 PM 136176]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [9/24/2010 6:51 PM 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [9/24/2010 7:09 PM 235520]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [9/13/2007 9:51 AM 157648]
S3 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [11/17/2010 7:54 PM 724992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/2/2011 9:42 AM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/2/2011 9:42 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/2/2011 9:42 AM 121576]
S3 SSI Client Installer;SSI Client Installer;c:\windows\system32\SCInstallerNT.exe [12/11/2010 12:19 AM 503808]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-16 23:43]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 01:55]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 01:55]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: kla-tencor.com
Trusted Zone: kla-tencor.com
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 02:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,d6,23,79,6d,eb,72,4c,82,3b,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,d5,0b,1a,63,ef,4d,41,ab,5b,4a,\
.
Completion time: 2011-10-25 02:15:43
ComboFix-quarantined-files.txt 2011-10-25 09:15
.
Pre-Run: 73,864,769,536 bytes free
Post-Run: 74,518,396,928 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - C062E55CB2269E067DBDB42E96873B27

===========================================

Thanks again for reading the tea leaves of these reports and letting me know if there is anything unusual.

Best Regards,

Ralph Wolf
 
Combofix log looks good now.
Running from: d:\nuggets\TechSpot\ComboFix.exe
Please move Combofix file to your desktop as my instructions say.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Bounced into safe mode as Administrator and ran OTL (from the desktop, as requested :)

Log files are too long for one post, will split them into multiple posts, being careful not to drop any lines.

First Up: OTL.txt part 1:
==========================
OTL logfile created on: 10/29/2011 10:53:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 92.29% Memory free
7.27 Gb Paging File | 7.20 Gb Available in Paging File | 99.09% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.66 Gb Total Space | 68.89 Gb Free Space | 61.70% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 150.13 Gb Free Space | 32.23% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 7.44 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive R: | 931.51 Gb Total Space | 324.45 Gb Free Space | 34.83% Space Free | Partition Type: NTFS

Computer Name: RWOLF01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010/11/15 13:32:46 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/07/23 13:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/07/19 17:38:32 | 000,364,544 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2010/07/19 17:34:02 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/06/01 14:47:38 | 000,503,808 | ---- | M] (Scalable Software, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SCInstallerNT.exe -- (SSI Client Installer)
SRV - [2010/06/01 14:47:38 | 000,090,112 | ---- | M] (Scalable Software, Inc.) [Auto | Stopped] -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe -- (SSI Survey Client)
SRV - [2010/05/18 23:42:02 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/02/02 18:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Unknown | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/02/02 18:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Unknown | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2010/01/07 12:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [Unknown | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2004/12/20 09:47:32 | 000,724,992 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\r_server.exe -- (r_server)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/11/15 13:19:12 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/07/23 13:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/23 13:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/23 13:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/07/20 03:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/20 03:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/20 03:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/07/14 04:34:00 | 006,650,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel(R)
DRV - [2010/07/09 10:41:42 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/07/09 10:41:34 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stdcfltn.sys -- (stdcfltn)
DRV - [2010/06/21 21:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/05/19 22:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/18 23:42:02 | 001,660,691 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/04/06 00:35:56 | 000,168,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2010/03/23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/03/19 16:39:08 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/02/26 23:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/23 13:39:56 | 000,054,048 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\CBUL32.sys -- (CBUL32)
DRV - [2010/01/19 12:50:12 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/01/07 09:43:04 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/10/22 08:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 08:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/04/08 17:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/09/13 09:52:18 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/09/13 09:51:58 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/09/13 09:51:58 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 02:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 03:26:18 | 000,000,000 | ---D | M]

[2011/10/18 16:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/17 02:18:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/27 01:15:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/20 07:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/18 11:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/18 16:55:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/25 02:14:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\.DEFAULT..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
O4 - HKU\S-1-5-18..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Ralph Wolf\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablelockworkstation = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1292428093-1644491937-1801674531-500\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285381672593 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1285389881531 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adcorp.kla-tencor.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{175E30C5-8C70-49C8-9A9C-2F57092E95E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56EB5E61-440E-47A0-AF68-4ADD7964AB14}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 18:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,221 | R--- | M] () - C:\autoinstall.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,164 | R--- | M] () - C:\autoinstalld.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,532 | R--- | M] () - C:\AutomateTest.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/10/29 22:51:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/28 11:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP PrecisionScan LT Software
[2011/10/28 11:37:18 | 000,081,920 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\HP3300T.dll
[2011/10/28 11:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/10/28 11:36:23 | 000,000,000 | ---D | C] -- C:\sj650
[2011/10/25 02:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/25 02:09:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/25 01:57:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/25 01:57:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/25 01:57:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/25 01:57:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/25 01:57:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/10/25 01:57:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/25 01:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011/10/22 22:33:27 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/22 22:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/10/18 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/05 11:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2011/10/03 02:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/10/03 01:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartSound
[2011/10/03 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2011/10/03 01:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/09/24 19:09:15 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/29 22:54:28 | 000,448,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/29 22:54:28 | 000,072,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/29 22:51:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/29 22:50:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 22:49:28 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
[2011/10/29 22:25:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/29 11:25:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/29 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
[2011/10/28 11:45:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2011/10/28 11:45:06 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/28 11:44:18 | 000,000,463 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/10/27 13:40:07 | 000,018,072 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 02:14:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/10/24 17:11:42 | 000,012,282 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/22 22:33:26 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/10 12:43:13 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/03 01:53:17 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 10.lnk
[2011/10/03 00:37:12 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 10.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
OTL.txt part 2:

========== Files Created - No Company Name ==========

[2011/10/28 11:42:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2011/10/28 11:42:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/10/28 11:37:20 | 000,001,080 | ---- | C] () -- C:\WINDOWS\AUTOLNCH.REG
[2011/10/28 11:37:18 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/10/28 11:37:18 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/10/25 02:09:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/25 02:09:38 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/10/25 01:57:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/25 01:57:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/25 01:57:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/25 01:57:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/25 01:57:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/03 01:53:17 | 000,002,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Elements 10.lnk
[2011/10/03 01:53:17 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 10.lnk
[2011/10/03 01:05:10 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
[2011/10/03 00:48:24 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/10/03 00:37:12 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2011/10/03 00:37:12 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 10.lnk
[2011/09/19 19:02:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/10 23:17:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/07/07 16:14:56 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011/03/29 01:29:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/26 20:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2010/12/26 20:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2010/12/11 00:19:26 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
[2010/11/17 19:54:06 | 000,724,992 | ---- | C] () -- C:\WINDOWS\System32\r_server.exe
[2010/11/17 02:08:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/08 03:43:11 | 000,162,783 | ---- | C] () -- C:\WINDOWS\FilterPro Uninstaller.exe
[2010/11/02 13:59:44 | 000,000,463 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2010/10/15 01:03:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inscal32.INI
[2010/10/15 00:27:26 | 000,054,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBUL32.sys
[2010/09/29 10:43:40 | 000,018,072 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2010/09/27 19:12:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2010/09/27 19:12:41 | 000,006,472 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2010/09/26 16:27:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\capture.INI
[2010/09/25 11:10:06 | 002,146,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/25 01:11:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/09/24 20:40:09 | 000,000,866 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/24 19:09:15 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2010/09/24 19:09:15 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2010/09/24 19:09:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/09/24 18:32:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/24 18:28:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/24 11:18:37 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/24 11:17:46 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/23 14:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 14:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,449,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,073,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/15 09:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 09:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/15 15:26:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\USBCtrl.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/11/16 23:28:34 | 000,225,402 | ---- | C] () -- C:\WINDOWS\System32\CWtoVision.dll
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
[1998/08/05 22:01:06 | 000,823,296 | ---- | C] () -- C:\WINDOWS\System32\Nsppx.dll
[1998/08/05 22:01:04 | 000,829,952 | ---- | C] () -- C:\WINDOWS\System32\Nspp5.dll
[1998/08/05 22:01:04 | 000,811,520 | ---- | C] () -- C:\WINDOWS\System32\Nspp6.dll
[1998/08/05 22:01:02 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\Nspp4.dll
[1998/08/05 22:01:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\Nspm5.dll
[1998/08/05 22:01:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Nsp.dll
[1998/08/05 22:00:50 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\Cpuid32.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

========== LOP Check ==========

[2011/02/03 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/09/24 21:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/09/26 16:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/11 03:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2011/10/03 02:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/01/02 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/12/11 00:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Scalable Software
[2011/10/03 01:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/08/17 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Arduino
[2011/10/25 02:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/04 00:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Mikron
[2010/12/26 20:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Opera
[2011/08/17 02:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\PyScripter
[2011/01/02 09:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Samsung
[2011/01/02 16:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\V-Planner
[2011/10/05 11:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\webex

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/10/23 02:10:10 | 000,000,220 | ---- | M] () -- C:\aaw7boot.log
[2010/09/26 16:56:40 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2011/08/14 16:50:42 | 000,003,356 | R--- | M] () -- C:\AITidlcompiler.bat
[2010/09/24 18:30:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/14 16:50:42 | 000,000,221 | R--- | M] () -- C:\autoinstall.bat
[2011/08/14 16:50:42 | 000,000,164 | R--- | M] () -- C:\autoinstalld.bat
[2011/08/14 16:50:42 | 000,000,532 | R--- | M] () -- C:\AutomateTest.bat
[2010/11/09 00:59:23 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/08/14 16:50:43 | 000,176,212 | R--- | M] () -- C:\Build.exe
[2011/08/14 16:50:43 | 000,155,700 | R--- | M] () -- C:\Build63spack.exe
[2011/08/14 16:50:44 | 000,155,706 | R--- | M] () -- C:\Build63SPack_56.exe
[2011/08/14 16:50:47 | 000,016,664 | R--- | M] () -- C:\builddiag.bat
[2011/08/14 16:50:48 | 000,003,372 | R--- | M] () -- C:\Builder.bat
[2011/08/14 16:50:49 | 000,176,212 | R--- | M] () -- C:\Buildnew.exe
[2011/08/14 16:50:50 | 000,176,212 | R--- | M] () -- C:\BuildSP2_010207.exe
[2011/08/14 16:50:52 | 000,176,212 | R--- | M] () -- C:\Buildsp2_021407.exe
[2011/08/14 16:50:44 | 000,025,682 | R--- | M] () -- C:\Build_63spack.bat
[2011/08/14 16:50:45 | 000,025,186 | R--- | M] () -- C:\Build_63spack022406.bat
[2011/08/14 16:50:45 | 000,025,617 | R--- | M] () -- C:\Build_63spack56.bat
[2011/08/14 16:50:45 | 000,025,687 | R--- | M] () -- C:\Build_63spack56_test.bat
[2011/08/14 16:50:45 | 000,025,186 | R--- | M] () -- C:\Build_63spack_01052006.bat
[2011/08/14 16:50:45 | 000,025,730 | R--- | M] () -- C:\Build_63spack_020106.bat
[2011/08/14 16:50:46 | 000,024,842 | R--- | M] () -- C:\Build_63spack_11152005.bat
[2011/08/14 16:50:46 | 000,023,709 | R--- | M] () -- C:\Build_63spack_826.bat
[2011/08/14 16:50:46 | 000,024,631 | R--- | M] () -- C:\Build_63spack_913.bat
[2011/08/14 16:50:46 | 000,024,844 | R--- | M] () -- C:\Build_63spack_926.bat
[2011/08/14 16:50:47 | 000,025,523 | R--- | M] () -- C:\Build_63spack_non56.bat
[2011/08/14 16:50:47 | 000,024,708 | R--- | M] () -- C:\Build_63spack_test.bat
[2011/08/14 16:50:47 | 000,021,216 | R--- | M] () -- C:\Build_63spack_vss.bat
[2011/08/14 16:50:47 | 000,023,276 | R--- | M] () -- C:\Build_63spack_withIC.bat
[2011/08/14 16:50:52 | 000,000,467 | R--- | M] () -- C:\bumpver.bat
[2011/08/14 16:50:52 | 000,018,432 | R--- | M] () -- C:\Bumpver.exe
[2010/09/26 02:05:41 | 000,175,120 | ---- | M] () -- C:\C2C.log
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/10/25 02:22:58 | 000,037,497 | ---- | M] () -- C:\ComboFix.txt
[2010/09/24 18:30:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/08/14 16:50:53 | 000,000,520 | R--- | M] () -- C:\convertAllModels.bat
[2011/08/14 16:50:53 | 000,025,698 | R--- | M] () -- C:\Copy (2) of Build_63spack.bat
[2011/08/14 16:50:53 | 000,025,333 | R--- | M] () -- C:\Copy of Build_63spack_non56.bat
[2011/08/14 16:50:54 | 000,001,428 | R--- | M] () -- C:\copyfile.bat
[2011/08/14 16:50:54 | 000,004,521 | R--- | M] () -- C:\copyreg.bat
[2011/08/14 16:50:55 | 000,105,984 | R--- | M] () -- C:\ctm.exe
[2011/08/14 16:50:55 | 000,043,008 | R--- | M] () -- C:\dbwrite.exe
[2011/08/14 16:50:56 | 000,011,111 | R--- | M] () -- C:\DELTREE.EXE
[2011/08/14 16:50:56 | 000,001,528 | R--- | M] () -- C:\Endmail.pl
[2011/08/14 16:50:57 | 000,107,520 | R--- | M] () -- C:\filePoller.exe
[2010/09/24 19:25:26 | 000,000,968 | ---- | M] () -- C:\freefallprotection.log
[2011/08/14 16:50:57 | 000,020,566 | R--- | M] () -- C:\gtAllCur.bat
[2011/08/14 16:50:58 | 000,018,472 | R--- | M] () -- C:\gtAllCur021407.bat
[2011/08/14 16:50:58 | 000,011,940 | R--- | M] () -- C:\gtAllCur_old.bat
[2011/08/14 16:50:58 | 000,005,871 | R--- | M] () -- C:\gtAllCur_withIC.bat
[2011/08/14 16:50:59 | 000,003,656 | R--- | M] () -- C:\gtAllLab.bat
[2011/08/14 16:50:59 | 000,000,550 | R--- | M] () -- C:\gtModCur.bat
[2011/08/14 16:50:59 | 000,000,660 | R--- | M] () -- C:\gtModLab.bat
[2011/08/14 16:50:59 | 000,001,764 | R--- | M] () -- C:\gtOneCur.bat
[2011/08/14 16:51:00 | 000,001,762 | R--- | M] () -- C:\gtOneLab.bat
[2010/09/24 18:30:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/16 16:15:43 | 000,018,998 | ---- | M] () -- C:\jresetup.log
[2011/08/14 16:51:00 | 000,000,645 | R--- | M] () -- C:\LabAllGd.bat
[2011/08/14 16:51:00 | 000,000,337 | R--- | M] () -- C:\LabGood.bat
[2011/08/14 16:51:01 | 000,036,864 | R--- | M] () -- C:\ListViewer.exe
[2011/08/14 16:51:01 | 000,054,384 | R--- | M] () -- C:\makefile.def
[2011/08/14 16:51:01 | 000,001,434 | R--- | M] () -- C:\MakeJobManager.bat
[2011/08/14 16:51:02 | 000,004,561 | R--- | M] () -- C:\MakeLeafCode.bat
[2011/08/14 16:51:02 | 000,004,311 | R--- | M] () -- C:\MakeLeafCode_add_iADC.bat
[2011/08/14 16:51:02 | 000,001,293 | R--- | M] () -- C:\Makeone.bat
[2011/08/14 16:51:03 | 000,058,880 | R--- | M] () -- C:\makerpt.exe
[2010/09/24 18:30:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/14 16:51:03 | 000,000,054 | R--- | M] () -- C:\nmd.cmd
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/14 16:51:05 | 000,172,089 | R--- | M] () -- C:\osversion.exe
[2011/10/29 22:50:21 | 4293,918,720 | -HS- | M] () -- C:\pagefile.sys
[2011/08/14 16:51:05 | 000,001,465 | R--- | M] () -- C:\postBuild.bat
[2011/08/14 16:51:05 | 000,000,452 | R--- | M] () -- C:\PSM.BAT
[2011/08/20 00:58:49 | 000,001,074 | ---- | M] () -- C:\pspbrwse.jbf
[2011/03/28 02:58:51 | 000,000,057 | ---- | M] () -- C:\RadminLogfile.txt
[2011/08/14 16:51:07 | 000,229,439 | R--- | M] () -- C:\ReArrangeFiles.exe
[2011/08/14 16:51:07 | 000,000,525 | R--- | M] () -- C:\setall.bat
[2011/08/14 16:51:07 | 000,000,287 | R--- | M] () -- C:\setlabel.bat
[2011/08/14 16:51:08 | 000,000,628 | R--- | M] () -- C:\settings.bat
[2011/08/14 16:51:14 | 001,099,264 | R--- | M] () -- C:\SetUpSuperMake.doc
[2011/08/14 16:51:15 | 000,000,128 | R--- | M] () -- C:\SetVCC.bat
[2011/08/14 16:51:15 | 000,000,608 | R--- | M] () -- C:\SimpleBuild.bat
[2011/08/14 16:51:15 | 000,020,429 | R--- | M] () -- C:\Sm.bat
[2011/08/14 16:51:16 | 000,019,807 | R--- | M] () -- C:\Sm011707.bat
[2011/08/14 16:51:16 | 000,000,257 | R--- | M] () -- C:\SmConfig.db
[2011/08/14 16:51:17 | 000,019,682 | R--- | M] () -- C:\SmModels.bat
[2011/08/14 16:51:17 | 000,001,680 | R--- | M] () -- C:\smsettings.bat
[2011/08/14 16:51:16 | 000,017,768 | R--- | M] () -- C:\Sm_org.bat
[2011/08/14 16:51:17 | 000,000,777 | R--- | M] () -- C:\startmail.pl
[2011/08/14 16:51:18 | 000,105,984 | R--- | M] () -- C:\stm.exe
[2011/10/28 11:48:54 | 000,000,495 | ---- | M] () -- C:\stub.log
[2011/08/14 16:51:18 | 000,000,551 | R--- | M] () -- C:\supermake.ini
[2011/10/24 11:14:45 | 000,017,137 | ---- | M] () -- C:\SystemLog.txt
[2010/12/22 00:54:17 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2011/08/14 16:51:19 | 000,113,664 | R--- | M] () -- C:\vercheck.exe
[2011/08/14 16:51:19 | 000,000,225 | R--- | M] () -- C:\VERSION.RC2
[2011/08/14 16:51:20 | 000,001,296 | ---- | M] () -- C:\vssver.scc
[2011/08/14 16:51:20 | 000,002,003 | R--- | M] () -- C:\WriteStatus.bat

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/09/24 18:30:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2010/07/06 01:12:31 | 000,986,772 | ---- | M] () -- C:\WINDOWS\WhaleShark1920x1080.jpg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2001/07/13 07:04:00 | 000,253,952 | ---- | M] () -- C:\WINDOWS\Jasc Media Center Plus.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/09/24 11:16:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/09/24 11:16:52 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/09/24 11:16:52 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/09/24 18:30:23 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/29 04:58:42 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/09/29 04:58:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/29 04:58:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/10/24 17:11:42 | 000,012,282 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
FilterPro Uninstaller.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/10/29 22:51:00 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 18:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 05:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 05:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1995/08/02 06:02:00 | 000,399,984 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW16.EXE
[1998/06/17 06:40:00 | 000,406,016 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW32.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"UseWUServer" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras.txt Part 1:
OTL Extras logfile created on: 10/29/2011 10:53:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 92.29% Memory free
7.27 Gb Paging File | 7.20 Gb Available in Paging File | 99.09% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.66 Gb Total Space | 68.89 Gb Free Space | 61.70% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 150.13 Gb Free Space | 32.23% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 7.44 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive R: | 931.51 Gb Total Space | 324.45 Gb Free Space | 34.83% Space Free | Partition Type: NTFS

Computer Name: RWOLF01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger" = %ProgramFiles%\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger
"%ProgramFiles%\Nortel Networks\Extranet.exe:*:enabled:Nortel VPN Client" = %ProgramFiles%\Nortel Networks\Extranet.exe:*:enabled:Nortel VPN Client
"%ProgramFiles%\SAP\FrontEnd\saplgpad.exe:*:enabled:SAP AG, Walldorf" = %ProgramFiles%\SAP\FrontEnd\saplgpad.exe:*:enabled:SAP AG, Walldorf

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:enabled:Offer Remote Assistance TCP Port" = 135:TCP:*:enabled:Offer Remote Assistance TCP Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"35205:TCP" = 35205:TCP:*:Enabled:Trend Micro OfficeScan Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"35205:TCP" = 35205:TCP:*:Enabled:Trend Micro OfficeScan Listener
"3622:UDP" = 3622:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"3623:UDP" = 3623:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========
 
Sorry, your system won't let me cut & paste the contents of extras.txt...

I get error messages like:

1.You have included 53 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

Images include use of smilies, the BB code tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator.


and/or that I have pasted more than 50000 characters.

Can I email or attach the file?
 
I ran OTL in safe mode because I can't disable TrendMicro when operating normally and I didn't want them to interact in some way. (I'm a contractor and the IT people at one of my clients insisted on installing it before giving me access to their network)
 
Here is the full contents of OTL's "extras.txt" as an attachment.

(Sorry about the zip. The forum has a 200k limit on txt files.)

Best Regards,

Ralph
 

Attachments: Extras.zip (28.5 KB)
Here you go. Sorry for being dense. I was looking where the light is good instead of where I lost the money....

>> 1.The text that you have entered is too long (62934 characters). Please shorten it to 50000 characters long.

See attachment.

- Rwolf
 

Attachments: OTLnormalmode.Txt (122.7 KB)
Did you ever see "Brazil"? ("You have to say the number! :)

======================
OTLnormalmode.txt part 1:


OTL logfile created on: 10/30/2011 10:47:00 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rwolf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.43 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 82.07% Memory free
7.25 Gb Paging File | 6.79 Gb Available in Paging File | 93.66% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.66 Gb Total Space | 68.79 Gb Free Space | 61.61% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 150.11 Gb Free Space | 32.23% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 7.44 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive R: | 931.51 Gb Total Space | 324.45 Gb Free Space | 34.83% Space Free | Partition Type: NTFS

Computer Name: RWOLF01 | User Name: rwolf | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/02/22 16:55:10 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2010/12/03 17:20:12 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\nuggets(migrate-to-D-drive)\PureText\PureText.exe
PRC - [2010/11/15 13:32:46 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/07/28 12:45:12 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/07/23 13:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/07/19 17:38:32 | 000,364,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2010/07/19 17:37:18 | 001,400,832 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/07/19 17:34:02 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/07/19 17:26:06 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/06/01 14:47:38 | 000,090,112 | ---- | M] (Scalable Software, Inc.) -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe
PRC - [2010/05/18 23:42:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/05/18 23:42:02 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/02/05 18:01:00 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/02/02 18:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/02/02 18:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/01/07 12:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/07/07 02:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe


========== Modules (No Company Name) ==========

MOD - [2010/07/28 12:45:12 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/03/23 14:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2001/08/17 22:36:16 | 000,089,088 | ---- | M] () -- C:\WINDOWS\system32\hpgt33.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010/11/15 13:32:46 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/07/23 13:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/07/19 17:38:32 | 000,364,544 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2010/07/19 17:34:02 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/06/01 14:47:38 | 000,503,808 | ---- | M] (Scalable Software, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SCInstallerNT.exe -- (SSI Client Installer)
SRV - [2010/06/01 14:47:38 | 000,090,112 | ---- | M] (Scalable Software, Inc.) [Auto | Running] -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe -- (SSI Survey Client)
SRV - [2010/05/18 23:42:02 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/02/02 18:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Unknown | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/02/02 18:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Unknown | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2010/01/07 12:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [Unknown | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2004/12/20 09:47:32 | 000,724,992 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\r_server.exe -- (r_server)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/11/15 13:19:12 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/07/23 13:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/23 13:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/23 13:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/07/20 03:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/07/20 03:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/07/20 03:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/07/14 04:34:00 | 006,650,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel(R)
DRV - [2010/07/09 10:41:42 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/07/09 10:41:34 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stdcfltn.sys -- (stdcfltn)
DRV - [2010/06/21 21:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/05/19 22:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/18 23:42:02 | 001,660,691 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/04/06 00:35:56 | 000,168,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2010/03/23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/03/19 16:39:08 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/02/26 23:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/23 13:39:56 | 000,054,048 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBUL32.sys -- (CBUL32)
DRV - [2010/01/19 12:50:12 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/01/07 09:43:04 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/10/22 08:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 08:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/04/08 17:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/09/13 09:52:18 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/09/13 09:51:58 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/09/13 09:51:58 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 02:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 03:26:18 | 000,000,000 | ---D | M]

[2010/11/17 02:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rwolf\Application Data\Mozilla\Extensions
[2010/11/17 02:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rwolf\Application Data\Mozilla\Firefox\Profiles\xlw1tb4u.default\extensions
[2010/11/17 02:14:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rwolf\Application Data\Mozilla\Firefox\Profiles\xlw1tb4u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/18 16:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/17 02:18:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/27 01:15:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/20 07:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/18 11:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/18 16:55:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/11/17 02:17:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/25 02:14:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEBrowserHelperObject Class) - {86EA4148-BEE6-4CEE-A72F-DA27A5112BD1} - C:\WINDOWS\system32\ssibrowserhook5.dll (Scalable Software, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\.DEFAULT..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
O4 - HKU\S-1-5-18..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
O4 - HKU\S-1-5-21-1668661-46489196-359291519-174450..\Run: [\\192.168.0.129\EPSON WF1100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1668661-46489196-359291519-174450..\Run: [\\rwolf00\EPSON WF1100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1668661-46489196-359291519-174450..\Run: [PureText] C:\nuggets(migrate-to-D-drive)\PureText\PureText.exe (http://www.SteveMiller.net)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Ralph Wolf\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablelockworkstation = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablelockworkstation = 1
O15 - HKLM\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: digikey.com ([ordering] https in Trusted sites)
O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285381672593 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1285389881531 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adcorp.kla-tencor.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{175E30C5-8C70-49C8-9A9C-2F57092E95E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56EB5E61-440E-47A0-AF68-4ADD7964AB14}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\rwolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rwolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 18:30:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,221 | R--- | M] () - C:\autoinstall.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,164 | R--- | M] () - C:\autoinstalld.bat -- [ NTFS ]
O32 - AutoRun File - [2011/08/14 16:50:42 | 000,000,532 | R--- | M] () - C:\AutomateTest.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 10:46:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe
[2011/10/28 11:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP PrecisionScan LT Software
[2011/10/28 11:37:18 | 000,081,920 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\HP3300T.dll
[2011/10/28 11:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/10/28 11:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\WINDOWS
[2011/10/28 11:36:23 | 000,000,000 | ---D | C] -- C:\sj650
[2011/10/25 02:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/25 02:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/25 02:09:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/25 01:57:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/25 01:57:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/25 01:57:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/25 01:57:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/22 22:33:27 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/22 22:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/10/18 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/05 11:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\Application Data\webex
[2011/10/05 11:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\My Documents\WebEx
[2011/10/05 11:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2011/10/03 02:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwolf\My Documents\NewBlueFX
[2011/10/03 02:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/10/03 01:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartSound
[2011/10/03 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2011/10/03 01:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/09/24 19:09:15 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 10:44:06 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
[2011/10/30 10:25:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
[2011/10/30 00:05:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/30 00:05:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/30 00:05:44 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/29 23:56:36 | 000,449,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/29 23:56:36 | 000,073,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/29 23:52:46 | 000,000,463 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/10/29 23:52:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 14:40:35 | 000,003,572 | RHS- | M] () -- C:\Documents and Settings\rwolf\ntuser.pol
[2011/10/28 11:45:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2011/10/27 13:40:07 | 000,018,072 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe
[2011/10/25 02:14:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/10/24 17:11:42 | 000,012,282 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/22 22:33:26 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/21 16:33:30 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\rwolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/18 21:45:00 | 000,009,644 | ---- | M] () -- C:\Documents and Settings\rwolf\Desktop\R6357_TransitTimeModel.gif
[2011/10/10 12:43:13 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/03 02:14:25 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\rwolf\My Documents\tempFolderPath.dat
[2011/10/03 01:53:17 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 10.lnk
[2011/10/03 00:37:12 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 10.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
OTLnormalmode.txt part 2:

========== Files Created - No Company Name ==========

[2011/10/28 11:42:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2011/10/28 11:42:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/10/28 11:37:20 | 000,001,080 | ---- | C] () -- C:\WINDOWS\AUTOLNCH.REG
[2011/10/28 11:37:18 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/10/28 11:37:18 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/10/25 02:09:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/25 02:09:38 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/10/25 01:57:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/25 01:57:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/25 01:57:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/25 01:57:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/25 01:57:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/19 01:05:59 | 000,009,644 | ---- | C] () -- C:\Documents and Settings\rwolf\Desktop\R6357_TransitTimeModel.gif
[2011/10/03 02:14:25 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\rwolf\My Documents\tempFolderPath.dat
[2011/10/03 01:53:17 | 000,002,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Elements 10.lnk
[2011/10/03 01:53:17 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 10.lnk
[2011/10/03 01:05:10 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLASJ-rwolf.job
[2011/10/03 00:48:24 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/10/03 00:37:12 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2011/10/03 00:37:12 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 10.lnk
[2011/09/19 19:02:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/10 23:17:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/07/07 16:14:56 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011/03/29 01:29:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/01/02 09:43:06 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\rwolf\Application Data\$_hpcst$.hpc
[2010/12/26 20:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2010/12/26 20:18:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2010/12/26 19:27:40 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\rwolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 00:19:26 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
[2010/11/17 19:54:06 | 000,724,992 | ---- | C] () -- C:\WINDOWS\System32\r_server.exe
[2010/11/17 02:08:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/08 03:43:11 | 000,162,783 | ---- | C] () -- C:\WINDOWS\FilterPro Uninstaller.exe
[2010/11/02 13:59:44 | 000,000,463 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2010/10/15 01:03:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\inscal32.INI
[2010/10/15 00:27:26 | 000,054,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBUL32.sys
[2010/09/29 10:43:40 | 000,018,072 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2010/09/27 19:12:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2010/09/27 19:12:41 | 000,006,472 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2010/09/26 16:27:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\capture.INI
[2010/09/25 11:10:06 | 002,146,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/25 01:11:41 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/09/24 20:40:09 | 000,000,866 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/24 19:09:15 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2010/09/24 19:09:15 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2010/09/24 19:09:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/09/24 18:32:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/24 18:28:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/24 11:18:37 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/24 11:17:46 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/23 14:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 14:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,449,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,073,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/15 09:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 09:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/11/15 15:26:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\USBCtrl.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/11/16 23:28:34 | 000,225,402 | ---- | C] () -- C:\WINDOWS\System32\CWtoVision.dll
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
[1998/08/05 22:01:06 | 000,823,296 | ---- | C] () -- C:\WINDOWS\System32\Nsppx.dll
[1998/08/05 22:01:04 | 000,829,952 | ---- | C] () -- C:\WINDOWS\System32\Nspp5.dll
[1998/08/05 22:01:04 | 000,811,520 | ---- | C] () -- C:\WINDOWS\System32\Nspp6.dll
[1998/08/05 22:01:02 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\Nspp4.dll
[1998/08/05 22:01:00 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\Nspm5.dll
[1998/08/05 22:01:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Nsp.dll
[1998/08/05 22:00:50 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\Cpuid32.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

========== LOP Check ==========

[2011/02/03 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/09/24 21:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/09/26 16:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/11 03:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2011/10/03 02:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/01/02 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/12/11 00:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Scalable Software
[2011/10/03 01:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/08/17 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Arduino
[2011/10/25 02:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/04 00:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Mikron
[2010/12/26 20:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Opera
[2011/08/17 02:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\PyScripter
[2011/01/02 09:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\Samsung
[2011/01/02 16:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\V-Planner
[2011/10/05 11:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwolf\Application Data\webex

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/10/23 02:10:10 | 000,000,220 | ---- | M] () -- C:\aaw7boot.log
[2010/09/26 16:56:40 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2011/08/14 16:50:42 | 000,003,356 | R--- | M] () -- C:\AITidlcompiler.bat
[2010/09/24 18:30:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/14 16:50:42 | 000,000,221 | R--- | M] () -- C:\autoinstall.bat
[2011/08/14 16:50:42 | 000,000,164 | R--- | M] () -- C:\autoinstalld.bat
[2011/08/14 16:50:42 | 000,000,532 | R--- | M] () -- C:\AutomateTest.bat
[2010/11/09 00:59:23 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/08/14 16:50:43 | 000,176,212 | R--- | M] () -- C:\Build.exe
[2011/08/14 16:50:43 | 000,155,700 | R--- | M] () -- C:\Build63spack.exe
[2011/08/14 16:50:44 | 000,155,706 | R--- | M] () -- C:\Build63SPack_56.exe
[2011/08/14 16:50:47 | 000,016,664 | R--- | M] () -- C:\builddiag.bat
[2011/08/14 16:50:48 | 000,003,372 | R--- | M] () -- C:\Builder.bat
[2011/08/14 16:50:49 | 000,176,212 | R--- | M] () -- C:\Buildnew.exe
[2011/08/14 16:50:50 | 000,176,212 | R--- | M] () -- C:\BuildSP2_010207.exe
[2011/08/14 16:50:52 | 000,176,212 | R--- | M] () -- C:\Buildsp2_021407.exe
[2011/08/14 16:50:44 | 000,025,682 | R--- | M] () -- C:\Build_63spack.bat
[2011/08/14 16:50:45 | 000,025,186 | R--- | M] () -- C:\Build_63spack022406.bat
[2011/08/14 16:50:45 | 000,025,617 | R--- | M] () -- C:\Build_63spack56.bat
[2011/08/14 16:50:45 | 000,025,687 | R--- | M] () -- C:\Build_63spack56_test.bat
[2011/08/14 16:50:45 | 000,025,186 | R--- | M] () -- C:\Build_63spack_01052006.bat
[2011/08/14 16:50:45 | 000,025,730 | R--- | M] () -- C:\Build_63spack_020106.bat
[2011/08/14 16:50:46 | 000,024,842 | R--- | M] () -- C:\Build_63spack_11152005.bat
[2011/08/14 16:50:46 | 000,023,709 | R--- | M] () -- C:\Build_63spack_826.bat
[2011/08/14 16:50:46 | 000,024,631 | R--- | M] () -- C:\Build_63spack_913.bat
[2011/08/14 16:50:46 | 000,024,844 | R--- | M] () -- C:\Build_63spack_926.bat
[2011/08/14 16:50:47 | 000,025,523 | R--- | M] () -- C:\Build_63spack_non56.bat
[2011/08/14 16:50:47 | 000,024,708 | R--- | M] () -- C:\Build_63spack_test.bat
[2011/08/14 16:50:47 | 000,021,216 | R--- | M] () -- C:\Build_63spack_vss.bat
[2011/08/14 16:50:47 | 000,023,276 | R--- | M] () -- C:\Build_63spack_withIC.bat
[2011/08/14 16:50:52 | 000,000,467 | R--- | M] () -- C:\bumpver.bat
[2011/08/14 16:50:52 | 000,018,432 | R--- | M] () -- C:\Bumpver.exe
[2010/09/26 02:05:41 | 000,175,120 | ---- | M] () -- C:\C2C.log
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/10/25 02:22:58 | 000,037,497 | ---- | M] () -- C:\ComboFix.txt
[2010/09/24 18:30:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/08/14 16:50:53 | 000,000,520 | R--- | M] () -- C:\convertAllModels.bat
[2011/08/14 16:50:53 | 000,025,698 | R--- | M] () -- C:\Copy (2) of Build_63spack.bat
[2011/08/14 16:50:53 | 000,025,333 | R--- | M] () -- C:\Copy of Build_63spack_non56.bat
[2011/08/14 16:50:54 | 000,001,428 | R--- | M] () -- C:\copyfile.bat
[2011/08/14 16:50:54 | 000,004,521 | R--- | M] () -- C:\copyreg.bat
[2011/08/14 16:50:55 | 000,105,984 | R--- | M] () -- C:\ctm.exe
[2011/08/14 16:50:55 | 000,043,008 | R--- | M] () -- C:\dbwrite.exe
[2011/08/14 16:50:56 | 000,011,111 | R--- | M] () -- C:\DELTREE.EXE
[2011/08/14 16:50:56 | 000,001,528 | R--- | M] () -- C:\Endmail.pl
[2011/08/14 16:50:57 | 000,107,520 | R--- | M] () -- C:\filePoller.exe
[2010/09/24 19:25:26 | 000,000,968 | ---- | M] () -- C:\freefallprotection.log
[2011/08/14 16:50:57 | 000,020,566 | R--- | M] () -- C:\gtAllCur.bat
[2011/08/14 16:50:58 | 000,018,472 | R--- | M] () -- C:\gtAllCur021407.bat
[2011/08/14 16:50:58 | 000,011,940 | R--- | M] () -- C:\gtAllCur_old.bat
[2011/08/14 16:50:58 | 000,005,871 | R--- | M] () -- C:\gtAllCur_withIC.bat
[2011/08/14 16:50:59 | 000,003,656 | R--- | M] () -- C:\gtAllLab.bat
[2011/08/14 16:50:59 | 000,000,550 | R--- | M] () -- C:\gtModCur.bat
[2011/08/14 16:50:59 | 000,000,660 | R--- | M] () -- C:\gtModLab.bat
[2011/08/14 16:50:59 | 000,001,764 | R--- | M] () -- C:\gtOneCur.bat
[2011/08/14 16:51:00 | 000,001,762 | R--- | M] () -- C:\gtOneLab.bat
[2010/09/24 18:30:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/16 16:15:43 | 000,018,998 | ---- | M] () -- C:\jresetup.log
[2011/08/14 16:51:00 | 000,000,645 | R--- | M] () -- C:\LabAllGd.bat
[2011/08/14 16:51:00 | 000,000,337 | R--- | M] () -- C:\LabGood.bat
[2011/08/14 16:51:01 | 000,036,864 | R--- | M] () -- C:\ListViewer.exe
[2011/08/14 16:51:01 | 000,054,384 | R--- | M] () -- C:\makefile.def
[2011/08/14 16:51:01 | 000,001,434 | R--- | M] () -- C:\MakeJobManager.bat
[2011/08/14 16:51:02 | 000,004,561 | R--- | M] () -- C:\MakeLeafCode.bat
[2011/08/14 16:51:02 | 000,004,311 | R--- | M] () -- C:\MakeLeafCode_add_iADC.bat
[2011/08/14 16:51:02 | 000,001,293 | R--- | M] () -- C:\Makeone.bat
[2011/08/14 16:51:03 | 000,058,880 | R--- | M] () -- C:\makerpt.exe
[2010/09/24 18:30:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/14 16:51:03 | 000,000,054 | R--- | M] () -- C:\nmd.cmd
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/14 16:51:05 | 000,172,089 | R--- | M] () -- C:\osversion.exe
[2011/10/29 23:52:14 | 4278,190,080 | -HS- | M] () -- C:\pagefile.sys
[2011/08/14 16:51:05 | 000,001,465 | R--- | M] () -- C:\postBuild.bat
[2011/08/14 16:51:05 | 000,000,452 | R--- | M] () -- C:\PSM.BAT
[2011/08/20 00:58:49 | 000,001,074 | ---- | M] () -- C:\pspbrwse.jbf
[2011/03/28 02:58:51 | 000,000,057 | ---- | M] () -- C:\RadminLogfile.txt
[2011/08/14 16:51:07 | 000,229,439 | R--- | M] () -- C:\ReArrangeFiles.exe
[2011/08/14 16:51:07 | 000,000,525 | R--- | M] () -- C:\setall.bat
[2011/08/14 16:51:07 | 000,000,287 | R--- | M] () -- C:\setlabel.bat
[2011/08/14 16:51:08 | 000,000,628 | R--- | M] () -- C:\settings.bat
[2011/08/14 16:51:14 | 001,099,264 | R--- | M] () -- C:\SetUpSuperMake.doc
[2011/08/14 16:51:15 | 000,000,128 | R--- | M] () -- C:\SetVCC.bat
[2011/08/14 16:51:15 | 000,000,608 | R--- | M] () -- C:\SimpleBuild.bat
[2011/08/14 16:51:15 | 000,020,429 | R--- | M] () -- C:\Sm.bat
[2011/08/14 16:51:16 | 000,019,807 | R--- | M] () -- C:\Sm011707.bat
[2011/08/14 16:51:16 | 000,000,257 | R--- | M] () -- C:\SmConfig.db
[2011/08/14 16:51:17 | 000,019,682 | R--- | M] () -- C:\SmModels.bat
[2011/08/14 16:51:17 | 000,001,680 | R--- | M] () -- C:\smsettings.bat
[2011/08/14 16:51:16 | 000,017,768 | R--- | M] () -- C:\Sm_org.bat
[2011/08/14 16:51:17 | 000,000,777 | R--- | M] () -- C:\startmail.pl
[2011/08/14 16:51:18 | 000,105,984 | R--- | M] () -- C:\stm.exe
[2011/10/28 11:48:54 | 000,000,495 | ---- | M] () -- C:\stub.log
[2011/08/14 16:51:18 | 000,000,551 | R--- | M] () -- C:\supermake.ini
[2011/10/24 11:14:45 | 000,017,137 | ---- | M] () -- C:\SystemLog.txt
[2010/12/22 00:54:17 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2011/08/14 16:51:19 | 000,113,664 | R--- | M] () -- C:\vercheck.exe
[2011/08/14 16:51:19 | 000,000,225 | R--- | M] () -- C:\VERSION.RC2
[2011/08/14 16:51:20 | 000,001,296 | ---- | M] () -- C:\vssver.scc
[2011/08/14 16:51:20 | 000,002,003 | R--- | M] () -- C:\WriteStatus.bat

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/09/24 18:30:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2010/07/06 01:12:31 | 000,986,772 | ---- | M] () -- C:\WINDOWS\WhaleShark1920x1080.jpg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2001/07/13 07:04:00 | 000,253,952 | ---- | M] () -- C:\WINDOWS\Jasc Media Center Plus.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/09/24 11:16:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/09/24 11:16:52 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/09/24 11:16:52 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/09/24 18:30:23 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/28 16:08:54 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\rwolf\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/09/28 16:08:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\rwolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2011/08/13 22:32:20 | 011,561,000 | ---- | M] () -- C:\Documents and Settings\rwolf\My Documents\DELL_MULTI-TOUCH-TOUCHPAD_A08_R298889.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/28 16:08:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\rwolf\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/10/24 17:11:42 | 000,012,282 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
FilterPro Uninstaller.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/10/30 09:45:59 | 000,458,752 | -HS- | M] () -- C:\Documents and Settings\rwolf\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 18:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 05:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 05:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 05:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1995/08/02 06:02:00 | 000,399,984 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW16.EXE
[1998/06/17 06:40:00 | 000,406,016 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW32.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"UseWUServer" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
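The listing lines above all share one OTL format: `[timestamp | size | attributes | C-or-M] (Company) -- path`. When a log this long comes back with "nothing found", the practical next step is to sift the listing mechanically rather than by eye. The following is an added example, not part of this thread and not OTL's own code: a parser for that line format plus three triage rules a responder typically applies (a binary under the Windows directory with no publisher string in its version info, hidden+system attributes on a file that is not a known boot or profile file, and a timestamp inside the incident window). The allowlist of expected hidden/system files and the 2011/10/20 cutoff are constructed assumptions; the sample lines are copied from the log above. A hit is a prompt for verification (check the file's hash, publisher and install history), not a verdict.

```python
import re
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# One OTL listing line: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory entries (LOP check) omit the "(Company)" field, so it is optional here.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>\S.*?)\s*$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32", r"c:\windows")

# Constructed allowlist of hidden+system files expected on an XP system drive.
# Extend it from a known-good baseline of the same build before relying on it.
EXPECTED_HIDDEN_SYSTEM = {
    "boot.ini", "ntldr", "ntdetect.com", "io.sys", "msdos.sys", "pagefile.sys",
    "cmldr", "desktop.ini", "ntuser.pol", "index.dat", "bootstat.dat",
}


def parse_line(line: str) -> Optional[Dict]:
    """Return the fields of one OTL listing line, or None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),            # R/H/S/D flags, '-' when unset
        "kind": m.group("kind"),              # C = created, M = modified
        "company": (m.group("company") or "").strip(),
        "path": m.group("path"),
    }


def in_system_dir(path: str) -> bool:
    low = path.lower()
    return any(low.startswith(d + "\\") for d in SYSTEM_DIRS)


def triage(entry: Dict, since: datetime) -> List[str]:
    """Apply the three triage rules; an empty list means nothing to follow up."""
    reasons: List[str] = []
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    is_dir = "D" in entry["attrs"]
    if (not is_dir and low.endswith(EXECUTABLE_EXT)
            and in_system_dir(entry["path"]) and not entry["company"]):
        reasons.append("no publisher string on binary in system directory")
    if "H" in entry["attrs"] and "S" in entry["attrs"] and name not in EXPECTED_HIDDEN_SYSTEM:
        reasons.append("hidden+system attributes on unexpected file")
    if entry["timestamp"] >= since:
        reasons.append("timestamp inside incident window")
    return reasons


def triage_log(text: str, since: datetime) -> List[Tuple[str, List[str]]]:
    """Parse every listing line in an OTL report and return (path, reasons) for hits."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section markers like "< %SYSTEMDRIVE%\*.* >", headers, blanks
        reasons = triage(entry, since)
        if reasons:
            hits.append((entry["path"], reasons))
    return hits


# Sample input: a handful of lines copied from the OTL log above (constructed subset).
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\*.* >
[2010/11/17 19:54:06 | 000,724,992 | ---- | C] () -- C:\WINDOWS\System32\r_server.exe
[2011/10/25 02:09:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2011/02/03 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011/10/26 06:08:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwolf\Desktop\OTL.exe
"""


def example() -> List[Tuple[str, List[str]]]:
    # Constructed cutoff: start of the suspected incident window.
    return triage_log(SAMPLE_LOG, datetime(2011, 10, 20))


if __name__ == "__main__":
    for path, reasons in example():
        print(path, "->", "; ".join(reasons))
```

Run against the full report saved as a text file by replacing `SAMPLE_LOG` with the file's contents. The "incident window" rule deliberately catches tool artefacts such as `OTL.exe` and the `boot.ini` rewrite from the cleanup itself; those are easy to dismiss, and the rule's value is the entries that are left once known cleanup activity is accounted for.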
 
Did you ever see "Brazil"? ("You have to say the number!" :)
What?.....LOL

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - [2007/11/14 20:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    O4 - HKU\.DEFAULT..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
    O4 - HKU\S-1-5-18..\Run: [Bomgar_Cleanup_ZD299682678] cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E4AC44E" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD299682678 /f File not found
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: digikey.com ([ordering] https in Trusted sites)
    O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1668661-46489196-359291519-174450\..Trusted Domains: kla-tencor.com ([]https in Trusted sites)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring" =-
    
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
A strange but brilliant film from the 80s about technology and society run amok.

One of the many sub-plots is that nothing works like it is supposed to and the heroes who keep the system from collapsing are officially outlaws and troublemakers.

Harry Tuttle, the most wanted man in the country, is a heating engineer who has gone rogue.

Here he is doing a house call.... http://www.youtube.com/watch?v=eosrujtjJHA

Back in a few minutes with scan results....
 
You need to know that I foolishly started this while several other programs were still running, including a VPN and Outlook.

It spent a long time with just a blank desktop and a mouse. The mouse moved but it did not respond to Ctrl-Alt-Del. Eventually it did shut down on its own.

Hopefully it ran correctly, despite my blunder, but I thought you should know.

Here is the OTL log generated after reboot:

All processes killed
========== OTL ==========
Service vsdatant stopped successfully!
Service vsdatant deleted successfully!
C:\WINDOWS\system32\vsdatant.sys moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD299682678 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD299682678 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\digikey.com\ordering\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1668661-46489196-359291519-174450\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kla-tencor.com\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ralph Wolf
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: rwolf
->Temp folder emptied: 26965810 bytes
->Temporary Internet Files folder emptied: 217691255 bytes
->Java cache emptied: 183003 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 78722 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 584192 bytes

Total Files Cleaned = 234.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Ralph Wolf
->Flash cache emptied: 0 bytes

User: rwolf
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10302011_120510

Files\Folders moved on Reboot...
C:\Documents and Settings\rwolf\Local Settings\Temp\ExchangePerflog_8484fa314ef77338dcd6c672.dat moved successfully.
File\Folder C:\Documents and Settings\rwolf\Local Settings\Temp\flaCF.tmp not found!
File\Folder C:\Documents and Settings\rwolf\Local Settings\Temp\pptCE.tmp not found!
C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.Word\~WRF{42DC9A95-9B08-4F3E-BAF9-9E200AF25E5D}.tmp moved successfully.
C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.Word\~WRS{AFFB0644-D781-460F-8374-E2AD81C35C17}.tmp moved successfully.
C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.Word\~WRS{BF0A9526-60D5-4909-A6D4-A6C0104D6392}.tmp moved successfully.
C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.Word\~WRS{CB87424D-C451-422B-832B-8B9D1CAB29F1}.tmp moved successfully.
File\Folder C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.MSO\msoC9.tmp not found!
File\Folder C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.MSO\msoCA.tmp not found!
File\Folder C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.MSO\msoCB.tmp not found!
File\Folder C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.MSO\msoCC.tmp not found!
C:\Documents and Settings\rwolf\Local Settings\Temporary Internet Files\Content.IE5\ZQ01MAMQ\topic172485[1].html moved successfully.
File move failed. C:\WINDOWS\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
M'kay. TrendMicro blocked Security Check, so I bounced to Safe Mode to download it.
Running in normal mode...
checkup.txt:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Trend Micro OfficeScan Client
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 29
Java(TM) 6 Update 23
Out of date Java installed!
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro OfficeScan Client pccntmon.exe
Trend Micro OfficeScan Client ntrtscan.exe
Trend Micro OfficeScan Client tmlisten.exe
Trend Micro OfficeScan Client TmProxy.exe
Trend Micro OfficeScan Client CNTAoSMgr.exe
Trend Micro BM TMBMSRV.exe
``````````End of Log````````````
 